Security bypass in D-Link Hardware solutions

#VU4601 Security bypass in D-Link Hardware solutions

Published: 2017-01-16

Vulnerability identifier: #VU4601

Vulnerability risk: Critical

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2013-6026

CWE-ID: CWE-113

Exploitation vector: Network

Exploit availability: No

Vendor: Planex
D-Link

Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in the alpha_auth_check() function. By setting the user agent string to xmlset_roodkcableoj28840ybtide, an attacker can send an HTTP request to bypass authentication and obtain administrative access to the device.

Successful exploitation of the vulnerability results in full access to the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Brl-04ur: 1.0.1

Dsl-321B: 1.02

Dsl-320B: 1.25

Dir-865L: 1.05b07

Dir-845L: 1.01b02

Dir-815: 1.03

Dir-645: 1.03

Dir-615: 1.03

Dir-600: 2.17b02

Dir-300: 1.06b05

Dir-120: 1.05b02

Dir-100: 1.14b02

Di-524up: 1.08b02

Dir-524: 5.13b01

External links
http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Backdoor in D-Link routers