Security Announcement
DIR-615 - Rev. Ex - Web Configuration Pages have CSRF Vulnerabilities - (F/W 5.10 and Lower)
Publication ID: SAP10016
Resolved Status: Yes
Published on: 7 March 2014 1:08 GMT
Last updated on: 1 July 2014 7:47 GMT

Overview

 

The DIR-615 Rev. Ex contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the redpass.cgi script does not require multiple steps or explicit confirmation for sensitive transactions that manipulate configuration data. An attacker may trick the victim into clicking on an image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

 

References

 

http://security-geek.in/blog/
http://packetstormsecurity.com/files/125307/D-LINK-DIR-615-Cross-Site-Request-Forgery.html

 

Details

 

  • Authenticating to the web management interface from one IP opens up passwordless access from all other IPs.
  • Passwords are not encrypted, as shown by requesting a backup of the configuration file.
  • No CSRF mitigations are in place, and it is not apparent how to log out from the web interface after making changes.
  • XSS payloads can be injected into the web interface ping utility. For example, posting to ping_response.cgi with ping_ipaddr=8.8.8.8"><img src=x onerror=alert(1)> will plant XSS that will subsequently be executed when a user visits the diagnostics page where ping results are displayed.
  • Several information disclosures reveal system configuration to unauthorized requests.
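The CSRF and ping-utility XSS items above come down to three missing checks on a state-changing request: an anti-CSRF token, strict validation of ping_ipaddr, and escaping of stored values on output. The following is an added example, not D-Link firmware code; every function name and the token scheme are hypothetical, and it assumes a per-session token is already stored server-side.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helpers for illustration; not taken from the DIR-615 firmware. */

/* Accept ping_ipaddr only if the whole string parses as a dotted-quad IPv4 address. */
int valid_ping_target(const char *s) {
    struct in_addr a;
    return s != NULL && inet_pton(AF_INET, s, &a) == 1;
}

/* Constant-time comparison of the session's CSRF token with the submitted one. */
int csrf_token_ok(const char *expected, const char *submitted) {
    size_t n, i;
    unsigned char diff = 0;
    if (!expected || !submitted) return 0;
    n = strlen(expected);
    if (n == 0 || strlen(submitted) != n) return 0;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(expected[i] ^ submitted[i]);
    return diff == 0;
}

/* HTML-escape src into dst; returns 0 on success, -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) return -1;          /* keep room for the NUL */
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Gate for the ping POST: 0 = accept, 1 = bad CSRF token, 2 = bad address. */
int check_ping_request(const char *session_tok, const char *form_tok,
                       const char *ping_ipaddr) {
    if (!csrf_token_ok(session_tok, form_tok)) return 1;
    if (!valid_ping_target(ping_ipaddr)) return 2;
    return 0;
}
```

Validation rejects the malformed address before it is stored, and html_escape covers any value that still reaches the diagnostics page from another path.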

Affected Products

   

| Model Name | HW Version | Current FW Version | New FW Version for this exploit fix |
|---|---|---|---|
| DIR-615 | Ex | v5.10 and lower | V. 5.14b01 (Firmware), Release Notes |

 

Security patch for your D-Link Devices

 

These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.