Update - May 23, 2014 - 10:15AP PST - Update
D-Link has been made aware that the author of the original disclosure has released additional information regarding further vulnerabilities @ Link.
The new report will require a new advisory post. We still encourage the end-user to update to this firmware until a fix for the new report has been released.
Overview
The DIR-505 / DIR-505L Rev. Ax contains a flaw that allows a malicious user to cause an overflow (a halt in the executing application) in the device software, which allows access to its operating system and allows unauthenticated commands to be executed.
References
Craig @ /dev/ttyS0 - Link (This article is for the D-Link DSP-W215; please refer to the bottom of the article, which states: "Incidentally, D-Link’s DIR-505 & DIR-505L travel routers is also affected by this bug, as it has a nearly identical my_cgi.cgi binary.")
Description
To preserve the author's intent and the accuracy of the disclosure, please read it at: Link (This article is for the D-Link DSP-W215; please refer to the bottom of the article, which states: "Incidentally, D-Link’s DIR-505L travel router is also affected by this bug, as it has a nearly identical my_cgi.cgi binary.")
The author discovered the exploits by inspecting the firmware and recognizing how the mobile application utilizes the Home Network Administration Protocol (HNAP) to configure the smart plug.
By accessing the device application for the plug through the HNAP protocol, a malicious user can access device information without authentication. Once this information is disclosed, an exploit can be pushed to the device, crashing the application and giving the malicious user access to the core operating system to perform further exploits. This can lead to the device being reconfigured and/or becoming unstable.
Since the product is an application on the LAN side of your home network, the malicious user would have to have exploited the home network or have direct access to the network on which the device is located.
Affected Product
| Model Name | HW Version | Current FW Version | New FW Version for this exploit fix |
|---|---|---|---|
| DAP-1320 | Ax | v. 1.02b07 and older | FW: 1.21b01 (Release Notes: Link) |
| DIR-505 | Ax | v. 1.07 and older | FW: 1.08b10 (Release Notes: Link) |
| DIR-505L | Ax | v. 1.01 and older | FW: Pending |
Security patch for your D-Link Devices
These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.
As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device's web configuration.
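For administrators with several of these devices, the check described above can be run over an inventory list. The following is an added example, not a D-Link tool: the status labels and the sample inventory are constructed, the version thresholds are transcribed from the Affected Product table, and firmware between the last affected and the fixed release is reported as unconfirmed because the advisory does not list it.

```python
import re

# Rows transcribed from the Affected Product table in this advisory:
# model -> (last affected firmware, fixed firmware or None while pending)
ADVISORY = {
    "DAP-1320": ("1.02b07", "1.21b01"),
    "DIR-505": ("1.07", "1.08b10"),
    "DIR-505L": ("1.01", None),
}

# Constructed sample inventory: (model, hardware revision, installed firmware)
INVENTORY = [("DAP-1320", "A1", "1.02b07"), ("DIR-505", "A1", "1.08b10"),
             ("DIR-505L", "A1", "v. 1.01"), ("DAP-1320", "B1", "1.00")]

def parse_fw(text):
    """Parse '1.02b07', 'v. 1.07' or 'FW: 1.08B10' into (major, minor, build|None)."""
    m = re.search(r"(\d+)\.(\d+)(?:[bB](\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, build = m.groups()
    return int(major), int(minor), None if build is None else int(build)

def at_or_below(fw, limit):
    """True if fw <= limit. A missing build number on either side is unknown
    and is resolved conservatively, i.e. counted as at or below the limit."""
    if fw[:2] != limit[:2]:
        return fw[:2] < limit[:2]
    if fw[2] is None or limit[2] is None:
        return True
    return fw[2] <= limit[2]

def triage(model, hw_rev, fw_text):
    """Classify one inventory entry against the advisory table."""
    row = ADVISORY.get(model.strip().upper())
    # "Ax" in the table means any revision A hardware (A1, A2, ...).
    if row is None or not hw_rev.strip().upper().startswith("A"):
        return "not-listed"
    last_affected, fixed = row
    fw = parse_fw(fw_text)
    if at_or_below(fw, parse_fw(last_affected)):
        return "affected: update to " + fixed if fixed else "affected: fix pending"
    if fixed and (fw == parse_fw(fixed) or not at_or_below(fw, parse_fw(fixed))):
        return "fixed"
    return "unconfirmed"  # newer than last affected, not confirmed at the fix

if __name__ == "__main__":
    for model, hw, fw in INVENTORY:
        print(f"{model:9} {hw:3} {fw:9} {triage(model, hw, fw)}")
```
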