DD-WRT, I Know Where You Live – /dev/ttyS0

I’ve always envied CSI’s amazing IP address geolocation capabilities. Not only can they get your exact physical address based solely off your IP (right down to your hotel room number!), it even works on IP addresses that don’t exist! While that level of IP address tracking is beyond the grasp…

WBR-1310 Authentication Bypass Vulnerability – /dev/ttyS0

The D-Link WBR-1310 contains an authentication bypass vulnerability that allows remote attackers to change administrative settings without authentication. This can be used to enable remote management and change the administrative password. Note that even if remote administration is not enabled, this vulnerability can be easily exploited via CSRF. Read the…

Breaking SSL on Embedded Devices – /dev/ttyS0

No, this is not some new SSL vulnerability. In fact, it’s a really old vulnerability, as old as cryptography itself: keep your secret keys secret. A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs,…

DIR-615 revD UK Firmware HNAP Vulnerability – /dev/ttyS0

The UK firmware (version 4.11) for the D-Link DIR-615 revision D router contains a privilege escalation vulnerability in its HNAP service. Using the unprivileged ‘user’ account on the device, local users can edit administrative settings, including the administrator password. Since the ‘user’ account is often ignored (default password is blank),…

Multiple D-Link Router Vulnerabilities – /dev/ttyS0

We have discovered* an authentication bypass vulnerability that affects multiple D-Link routers, specifically those that use PHP-based Web interfaces. So far we have confirmed that the following devices are affected: DIR-300, DIR-320, and DIR-615 revD. It appears that the same PHP code was re-used among these routers, so it is…