Multiple D-Link Router Vulnerabilities

We have discovered* an authentication bypass vulnerability that affects multiple D-Link routers, specifically those that use PHP based Web interfaces. So far we have confirmed that the following devices are affected:

  • DIR-300
  • DIR-320
  • DIR-615 revD

It appears that the same PHP code was re-used among these routers, so it is likely that other routers are affected as well.

It should be noted that this vulnerability does not only affect those devices that have remote administration enabled. Even with remote administration disabled, this vulnerability can be exploited using a simple hidden image tag in a malicious Web page; as soon as someone behind one of these routers browses to the  malicious page, their browser can be used to re-configure the device.

See our vulnerability report for more detailed information.

* It looks like Karol Celin from Safe Computing found this bug in some of the same routers we did and beat us to the punch! Good to see that others are looking at these devices too! See his BugTraq disclosure here. Our disclosure report further confirms that the DIR-320 and DIR-615 revD devices are also vulnerable.

Tagged , , , , . Bookmark the permalink.

7 Responses to Multiple D-Link Router Vulnerabilities

  1. Mohamed Clay says:

    that’s nice for a start

    Best wishes

  2. Craig says:

    @reader:

    Links are fixed now.

    @Mohamed:

    Thanks! There’s plenty more to come. 🙂

  3. Yep. Sounds good. Couldn’t agree more.

  4. I’m just wondering if it’s possible to borrow part of this article to use for my powerpoint project.

  5. Pingback: Multiple D-Link Router Vulnerabilities | Linux-backtrack.com

Leave a Reply

Your email address will not be published. Required fields are marked *