Security Announcement
DAP-2553 - Multiple Security Vulnerabilities: Authentication Bypass, XSS, CSRF, Remote Command Injection - Firmware 1.27 and lower
Publication ID: SAP10006
Resolved Status: Yes
Published on: 26 November 2013 10:56 GMT
Last updated on: 11 August 2014 10:26 GMT

Overview

The D-Link DAP-2553 IEEE 802.11n Access Point has multiple vulnerabilities that can be exploited in various ways. These vulnerabilities allow an attacker to gain access to the configuration, which makes it possible to change the configuration or cause the product to become unreliable.

 

D-Link Security Incident Response Policy

 

All public communication on this issue will be offered at http://securityadvisories.dlink.com/security/

Our security response team can be contacted for incident information or to report incidents at security@dlink.com

For any non-critical security issue, help in updating firmware, or configuration questions regarding this issue, please contact your D-Link customer care channel.

 

Reference

 
D-Link Europe - security@dlink.com

Others (non-disclosed) - As of November 26, 2013

 

Details

The DAP-2553 is susceptible to multiple vulnerabilities that may allow a malicious attacker to access the device and modify its configuration.

 

Broken Authentication and Session Management

After a user has successfully authenticated to the web GUI, an attacker who has captured the IP address of the authenticated user has full access to the DAP-2553 without any new authentication or login request. This is critical because, for example, all users behind a proxy have access to the DAP-2553 after the first one has successfully authenticated (they reach the web GUI from the same IP address).

 

Cross-Site Scripting (XSS)

 

XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls.

 

Security Misconfiguration

Because of the weaknesses described above, getting information about the configuration is very easy. For example, to change the Admin password you have to enter the old one. This check is done via JavaScript, and the existing password is already transferred in plain text while the page is loading.

Combined with the weak authentication, which only checks the IP address as described, it is very easy to read out the existing Admin password.

 

Cross-Site Request Forgery

When data is sent from the web GUI forms, no tokens are used or required for the device to accept it. An attacker can therefore gain (write) access to the configuration of the DAP-2553 via manipulated websites. If a legitimate admin user has successfully logged in to the web GUI and in parallel opens a manipulated website, an attacker is able to access the DAP-2553 through a cross-site request forgery.
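
An added example, not D-Link's firmware code: a minimal Python model that contrasts the IP-only check described under Broken Authentication with a session-cookie check that also requires a per-session token on POST requests, the control the Cross-Site Request Forgery section reports as missing. All class names, the request dictionaries and the proxy address are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-boot secret kept on the device


class IpOnlyAuth:
    """Behaviour described in the advisory: a login marks the source IP as trusted."""
    def __init__(self):
        self.authed_ips = set()

    def login(self, ip):
        self.authed_ips.add(ip)

    def allow(self, req):
        return req["ip"] in self.authed_ips


class SessionAuth:
    """Hardened model: random session id in a cookie, CSRF token on every POST."""
    def __init__(self):
        self.sessions = set()

    def login(self, ip):
        sid = secrets.token_urlsafe(32)
        self.sessions.add(sid)
        return sid, self.csrf_token(sid)

    @staticmethod
    def csrf_token(sid):
        # Token is bound to the session, so another site cannot guess or reuse it.
        return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

    def allow(self, req):
        sid = req.get("cookie")
        if sid is None or sid not in self.sessions:
            return False
        if req["method"] == "POST":
            return hmac.compare_digest(req.get("csrf", ""), self.csrf_token(sid))
        return True


def demo():
    weak, strong = IpOnlyAuth(), SessionAuth()
    proxy_ip = "192.0.2.10"  # constructed: address shared by all users behind one proxy
    weak.login(proxy_ip)
    sid, token = strong.login(proxy_ip)
    reqs = {  # constructed requests; a browser attaches the cookie but not the token
        "admin_post": {"ip": proxy_ip, "method": "POST", "cookie": sid, "csrf": token},
        "other_user_same_ip": {"ip": proxy_ip, "method": "GET"},
        "cross_site_post": {"ip": proxy_ip, "method": "POST", "cookie": sid},
    }
    return {name: (weak.allow(r), strong.allow(r)) for name, r in reqs.items()}
```

Each result is a pair (IP-only decision, session-and-token decision); only the administrator's own request is accepted by both models.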

To close these vulnerabilities, D-Link has released new firmware and a matching SNMP MIB that correct them.

 

Affected Products

| Model Name | HW Version | Current FW Version | New FW Version for this exploit fix |
|---|---|---|---|
| DAP-2553 | A1 | v. 1.26rc55 and lower | Firmware & MIB: v.1.30; Release Notes: Here |

 

Security patches for your D-Link Product

 

These firmware updates address the security vulnerabilities in affected D-Link products. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.

To update the firmware, please log in to the web GUI of your DAP-2553 and select Maintenance -> System -> Upgrade Firmware from the menu. If you require help, please contact your regional D-Link customer care website for options.

 

 

DAP-2553 Revision A1

 

Firmware & MIB: v.1.30   Release Notes: Here