DIR-615 revD UK Firmware HNAP Vulnerability – /dev/ttyS0

The UK firmware (version 4.11) for the D-Link DIR-615 revision D router contains a privilege escalation vulnerability in its HNAP service.

Using the unprivileged ‘user’ account on the device, local users can edit administrative settings, including the administrator password. Since the ‘user’ account is often ignored (default password is blank), this exploit is likely to work against any DIR-615 revision D router running the 4.11 firmware.

This vulnerability can be exploited using the hnap0wn tool. See our vulnerability report for more details.

Bookmark the permalink.

Comments are closed.