SB2020042128 - Multiple vulnerabilities in D-Link DSL-2640B
Published: April 21, 2020
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2020-9275)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in the cfm UDP service listening on port 65002. A remote attacker on the local network can send a specific UDP packet and cause unauthenticated exfiltration of administrative credentials.
This vulnerability affects devices with the following versions:
- Hardware version: B2
- Firmware version: ver.4.01
2) Stack-based buffer overflow (CVE-ID: CVE-2020-9276)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "do_cgi()" function. A remote authenticated attacker on the local network can send a specially crafted HTTP request, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277.
This vulnerability affects devices with the following versions:
- Hardware version: B2
- Firmware version: ver.4.01
3) Improper access control (CVE-ID: CVE-2020-9278)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in "rebootinfo.cgi", "ppppasswordinfo.cgi", "qosqueue.cmd?action=savReboot" and "restoreinfo.cgi" URLs. A remote attacker on the local network can access a specific URL, bypass implemented security restrictions and reset the device to its default configuration.
This vulnerability affects devices with the following versions:
- Hardware version: B2
- Firmware version: ver.4.01
4) Use of hard-coded credentials (CVE-ID: CVE-2020-9279)
The vulnerability allows a remote attacker to gain full access to the vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code in the "libpsi.so" library. A remote attacker on the local network can access the affected system using the hard-coded credentials, perform critical tasks and take full control of the device.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
This vulnerability affects devices with the following versions:
- Hardware version: B2
- Firmware version: ver.4.01
5) Improper Authentication (CVE-ID: CVE-2020-9277)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when accessing CGI modules. A remote attacker on the local network can bypass the authentication process and perform administrative tasks.
This vulnerability affects devices with the following versions:
- Hardware version: B2
- Firmware version: ver.4.01
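As an added example (not part of this bulletin or of the Raelize advisories it references), the following Python script turns the two network-observable indicators in this bulletin into a detection check: UDP datagrams sent to the cfm service port 65002 (item 1, CVE-2020-9275) and HTTP requests to the configuration-reset CGI paths (item 3, CVE-2020-9278). The flow-record format, the Common-Log-Format access lines, the IP addresses and the timestamps are constructed assumptions for the demonstration; the router itself does not necessarily export either log, so the parsers are meant to be pointed at a packet capture summary or a reverse proxy in front of the device.

```python
"""Detection helper for the network-observable indicators in this bulletin.

Added example, not code from the bulletin or the vendor. Two constructed
record types are scanned:
  * flow records      -> UDP datagrams to port 65002 (cfm service, CVE-2020-9275)
  * web access lines  -> requests to the reset CGI endpoints (CVE-2020-9278)
Both log formats and all sample addresses are assumptions for the demo.
"""
import re
from dataclasses import dataclass
from typing import List

CFM_UDP_PORT = 65002  # port named in the bulletin for the cfm UDP service

# CGI endpoints named in the bulletin for the unauthenticated configuration reset.
RESET_ENDPOINTS = (
    "/rebootinfo.cgi",
    "/ppppasswordinfo.cgi",
    "/qosqueue.cmd?action=savReboot",
    "/restoreinfo.cgi",
)


@dataclass
class Finding:
    cve: str
    source_ip: str
    detail: str


# Assumed flow-record layout: "<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <bytes>"
FLOW_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<bytes>\d+)$"
)

# Assumed access-log layout: Common Log Format as written by most HTTP proxies.
ACCESS_RE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) '
    r'HTTP/[\d.]+" (?P<status>\d{3})'
)


def scan_flows(lines) -> List[Finding]:
    """Flag any UDP datagram whose destination port is the cfm service port."""
    findings = []
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # unparseable record, skipped rather than guessed at
        if m["proto"].upper() == "UDP" and int(m["dport"]) == CFM_UDP_PORT:
            findings.append(Finding(
                "CVE-2020-9275", m["src"],
                f"UDP datagram to cfm port {CFM_UDP_PORT} on {m['dst']}"))
    return findings


def scan_access_log(lines) -> List[Finding]:
    """Flag requests whose path (and, where the bulletin names one, query
    parameter) matches one of the configuration-reset endpoints."""
    findings = []
    for line in lines:
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue
        target = m["target"]
        path, _, query = target.partition("?")
        for endpoint in RESET_ENDPOINTS:
            ep_path, _, ep_query = endpoint.partition("?")
            # Path must match exactly; a listed query parameter must be present too.
            if path == ep_path and (not ep_query or ep_query in query.split("&")):
                findings.append(Finding(
                    "CVE-2020-9278", m["ip"],
                    f"{m['method']} {target} -> {m['status']}"))
                break
    return findings


# Constructed sample records (assumed addresses: router 192.168.1.1, clients .50/.51).
SAMPLE_FLOWS = [
    "UDP 192.168.1.50:40123 -> 192.168.1.1:65002 64",      # datagram to the cfm port
    "TCP 192.168.1.50:40124 -> 192.168.1.1:80 512",        # ordinary web traffic
    "UDP 192.168.1.1:65002 -> 192.168.1.50:40123 128",     # reply direction, not flagged
]
SAMPLE_ACCESS = [
    '192.168.1.50 - - [21/Apr/2020:10:00:01 +0000] "GET /restoreinfo.cgi HTTP/1.1" 200 312',
    '192.168.1.50 - - [21/Apr/2020:10:00:02 +0000] "GET /qosqueue.cmd?action=savReboot HTTP/1.1" 200 88',
    '192.168.1.51 - - [21/Apr/2020:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.168.1.51 - - [21/Apr/2020:10:00:04 +0000] "GET /qosqueue.cmd?action=view HTTP/1.1" 200 88',
]


def run_demo() -> List[Finding]:
    """Scan both constructed samples; returns three findings for the data above."""
    return scan_flows(SAMPLE_FLOWS) + scan_access_log(SAMPLE_ACCESS)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.cve}: {f.source_ip} {f.detail}")
```

The query check matters for the `qosqueue.cmd` entry: the bulletin ties the reset to `action=savReboot`, so an unrelated `action=view` request to the same handler is not reported, which keeps the rule from firing on normal administrative use of that page.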
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://raelize.com/advisories/CVE-2020-9275_D-Link-DSL-2640B_Remote-Credentials-Exfiltration_v1.0.txt
- https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
- https://www.dlink.com/en/security-bulletin
- https://raelize.com/advisories/CVE-2020-9276_D-Link-DSL-2640B_do_cgi-buffer-overflow_v1.0.txt
- https://raelize.com/advisories/CVE-2020-9278_D-Link-DSL-2640B_Unauthenticated-configuration-reset_v1.0.txt
- https://raelize.com/advisories/CVE-2020-9279_D-Link-DSL-2640B_Hard-coded-privileged-account_v1.0.txt
- https://raelize.com/advisories/CVE-2020-9277_D-Link-DSL-2640B_CGI-Authentication-bypass_v1.0.txt