#VU13007 Privilege escalation (backdoor) in DIR-620
Vulnerability identifier: #VU13007
Vulnerability risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-798
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
DIR-620
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: D-Link
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exist due use of hardcoded default credentials for web dashboard. A remote attacker can use a backdoor account to gain privileged access to the firmware, extract sensitive data, e.g., configuration files with plain-text passwords, run arbitrary JavaScript code in the user environment and run arbitrary commands in the router’s operating system (OS).
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
To mitigate the issues Kaspersky recommends:
- Restrict any access to the web dashboard using a whitelist of trusted IPs
- Restrict any access to Telnet
- Regularly change your router admin username and password.
Vulnerable software versions
DIR-620: 1.0.37
External links
http://securelist.com/backdoors-in-d-links-backyard/85530/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
