Overview
The DIR-615 Rev. H1 contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The CSRF vulnerabilities in the DIR-615 family are already well documented; this disclosure serves more as a method for exploiting these types of CSRF on the DIR-615 Rev. H.
References
Charlie Eriksen - Two-Stage CSRF Attack - http://ceriksen.com/2012/09/29/two-stage-csrf-attacks/
Details
In order to maintain the integrity and accuracy of the author's disclosure, please read: http://ceriksen.com/2012/09/29/two-stage-csrf-attacks/
The following is a summary, from the original post, of the approach used to exploit the router:
The author found that a successful remote exploit requires:
- Control of timing between requests
- Continued control of the page the user loaded, even if the form navigates to a target
- No popups
- Little, if any, indication to the user that their router is being owned
The author implements an attack that is not clean but is effective. The exploit can be performed using any default browser without any other tools. By setting each form target to a different frame and using a 3-part payload, he was able to exploit the router's CSRF vulnerability.
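An added example, not part of the advisory or of D-Link's firmware: a server-side check that rejects the cross-site form posts a frame-based CSRF depends on, however the requests are timed. The admin address, the `csrf_token` field name and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

ADMIN_ORIGIN = "http://192.168.0.1"  # assumed address of the admin interface
STATE_CHANGING = {"POST", "PUT", "DELETE"}


def issue_token(session_key, session_id):
    """Derive an anti-CSRF token bound to one admin session."""
    return hmac.new(session_key, session_id.encode(), hashlib.sha256).hexdigest()


def source_origin(headers):
    """Return scheme://host[:port] from Origin, falling back to Referer."""
    raw = headers.get("Origin") or headers.get("Referer")
    if not raw or raw == "null":
        return None
    parts = urlsplit(raw)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def check_request(method, headers, form, session_key, session_id):
    """Return (allowed, reason) for one request to the admin interface."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    if source_origin(headers) != ADMIN_ORIGIN:
        return False, "cross-origin or missing Origin/Referer"
    expected = issue_token(session_key, session_id).encode()
    if not hmac.compare_digest(form.get("csrf_token", "").encode(), expected):
        return False, "missing or wrong session token"
    return True, "ok"


# Constructed sample requests: forged posts come from another site's page.
KEY, SID = secrets.token_bytes(32), "session-1"
SAMPLES = [
    ("POST", {"Origin": "http://attacker.example"}, {"setting": "x"}),
    ("POST", {"Referer": "http://attacker.example/frame.html"}, {"setting": "x"}),
    ("POST", {}, {"setting": "x"}),
    ("POST", {"Origin": ADMIN_ORIGIN}, {"setting": "x"}),
    ("POST", {"Origin": ADMIN_ORIGIN},
     {"setting": "x", "csrf_token": issue_token(KEY, SID)}),
]


def run_samples():
    """Return the allow/deny decision for each constructed request."""
    return [check_request(m, h, f, KEY, SID)[0] for m, h, f in SAMPLES]
```

Only the last sample, which comes from the admin origin and carries the session-bound token, is accepted.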
Affected Products
Model Name | HW Version | Current FW Version | New FW Version for this exploit fix
DIR-615 | H1 | v8.0A and lower | FW: 8.05b06 (Pending Download Link)
Security patch for your D-Link Devices
These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device's web configuration.