D-Link started issuing patches for several of its home router products on Monday after three vulnerabilities were discovered by an independent researcher.
Canadian systems engineer Peter Adkins found the devices were susceptible to remote access attacks, the most severe of which was the ability to hijack DNS settings via a cross-site request forgery vulnerability (CSRF):
Due to the nature of the ping.ccp vulnerability, an attacker can gain root access, hijack DNS settings or execute arbitrary commands on these devices [by] the user simply visiting a webpage with a malicious HTTP form embedded (via CSRF).
Adkins said he published his findings last week, after communication with D-Link had ended more than a month previously.
D-Link has now acknowledged the existence of a problem, saying that three new firmware updates have been released for its DIR-820L router.
In an advisory, the company said it will release additional firmware updates over the coming week, encompassing the following router models:
Adkins believes additional products are also affected.
D-Link confirmed Adkin’s research, explaining the existence of three potential vulnerabilities in at least some of its router lineup:
[The] first vulnerability reportedly relates to a malicious user who might be connected to the LAN-side of the device to use the devices upload utility to load malicious code without authentication.
A second vulnerability reportedly relates to the device’s ping utility that might permit command injection without authentication.
A third vulnerability reportedly may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack disclosing information about the devices configuration.
D-Link made several recommendations to its affected customers:
- Check their router’s history, looking for any signs of unauthorised access. They should also disable remote administrative access if they haven’t already done so.
- Ensure that Wi-Fi connections are secured with suitable encryption, and connected devices are kept fully patched and scanned on a regular basis with security software.
- Revisit the advisory page on a regular basis to check for firmware announcements, making sure they are installed as soon as available.
D-Link is no stranger to security issues with its routers – last month we wrote about how the DSL-2740R had been found to be vulnerable to traffic rerouting and DNS hijacking and, in 2013, we brought you news of “Joel’s Backdoor“, an easy means to gain backdoor access to the administration interface on a number of the company’s routers.