We have discovered* an authentication bypass vulnerability that affects multiple D-Link routers, specifically those that use PHP based Web interfaces. So far we have confirmed that the following devices are affected:
- DIR-615 revD
It appears that the same PHP code was re-used among these routers, so it is likely that other routers are affected as well.
It should be noted that this vulnerability does not only affect those devices that have remote administration enabled. Even with remote administration disabled, this vulnerability can be exploited using a simple hidden image tag in a malicious Web page; as soon as someone behind one of these routers browses to the malicious page, their browser can be used to re-configure the device.
See our vulnerability report for more detailed information.
* It looks like Karol Celin from Safe Computing found this bug in some of the same routers we did and beat us to the punch! Good to see that others are looking at these devices too! See his BugTraq disclosure here. Our disclosure report further confirms that the DIR-320 and DIR-615 revD devices are also vulnerable.