Vulnerability identifier: #VU4601
Vulnerability risk: Critical
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-113
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Brl-04ur
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dsl-321B
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dsl-320B
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-865L
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-845L
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-815
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-645
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-615
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-600
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-300
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-120
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-100
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Di-524up
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Dir-524
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to an error in the alpha_auth_check() function. By setting the user agent string to xmlset_roodkcableoj28840ybtide, an attacker can send an HTTP request to bypass authentication and obtain administrative access to the device.
Successful exploitation of the vulnerability results in full access to the vulnerable system.
Note: the vulnerability was being actively exploited.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Brl-04ur: 1.0.1
Dsl-321B: 1.02
Dsl-320B: 1.25
Dir-865L: 1.05b07
Dir-845L: 1.01b02
Dir-815: 1.03
Dir-645: 1.03
Dir-615: 1.03
Dir-600: 2.17b02
Dir-300: 1.06b05
Dir-120: 1.05b02
Dir-100: 1.14b02
Di-524up: 1.08b02
Dir-524: 5.13b01
External links
http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.