Researchers Find Multiple Security Holes in D-Link and SOHO Routers
A reported 53 issues were found in D-Link products and 22 in SOHO routers.
A security report found 53 unique vulnerabilities in multiple D-Link devices used in both home and enterprise settings.
Security experts and students from Search Labs and the Universidad Europea de Madrid posted the findings last week on Full Disclosure. They found that some of the holes could lead to a remote code execution attack.
"Authentication can be bypassed in several ways, allowing an attacker to take full control over the device without the need to exploit any programming or design bugs," read the report. Further, some workarounds that have been issued by D-Link to fix older security issues could lead to a hijacking of a system via command injection, said the security research group.
The group said that multiple security patches had been released by D-Link to address many of the 53 issues. However, even with the security fixes applied, it's still possible to leverage the holes in an attack. "It was still possible to perform unauthenticated file upload to an arbitrarily chosen location, which also lead to the possibility for an attacker to take full control over the device."
Affected devices include the D-Link DNS-320 ShareCenter 2-Bay network storage device, the D-Link ShareCenter Cloud Storage 2000 2-Bay (Diskless) Network Attached Storage and the DNR-326 2-Bay Professional Network Video Recorder, to name a few.
The research group has been in contact with D-Link since last summer and has only disclosed issues that have either been addressed by official patches or have been under review by D-Link.
The students at the Universidad Europea de Madrid weren't done with their hardware security disclosures. Along with the D-Link release, the group released limited information on more than 60 undisclosed vulnerabilities in 22 different SOHO routers. Both reports were made as practice for their master's thesis in IT security.
Most of the security holes disclosed affect multiple routers and could lead to many different attacks, including authentication bypass, malicious code injection, accessing data on storage devices connected via USB and rebooting affected routers. According to the group, currently the most effective attack "is found inside the Advance/SNMP subdirectory. By injecting the script into the System Name field, the malicious code will be executed each time someone connects to the router because the script is reflected into the home page."
The list of affected router models includes the Observa Telecom AW4062, Comtrend WAP-5813n, Belkin F5D7632-4 and Netgear CG3100D, to name a few.
Unlike the D-Link issues, the security group said that these issues have not been addressed. Common Vulnerabilities and Exposures (CVE) identifiers have been requested for the problems, but none have been issued yet. Also, all affected vendors have been alerted to the security holes.