Security Announcement
DIR-505 / DIR-505L / DAP-1320 - All Revisions - Stack Overflow - Command Bypass - Information Disclosure - (FW: 1.07 and older / 1.01 and older)
Publication ID: SAP10029
Resolved Status: Partial
Published on: 23 May 2014 5:19 GMT
Last updated on: 17 July 2014 4:54 GMT

Update - May 23, 2014 - 10:15AP PST - Update

D-Link has been made aware that the author of the original disclosure has released additional information regarding further vulnerabilities @ Link.

The new report will require a new advisory post. We still encourage the end-user to update to this firmware until a fix for the new report has been released.

Overview

The DIR-505 / DIR-505L Rev. Ax contains a flaw that allows a malicious user to cause an overflow (halting the executing application) in the device software, which allows access to its operating system and allows unauthenticated commands to be executed.

References

Craig @ /dev/ttyS0 - Link (This article is for the D-Link DSP-W215; please refer to the bottom of the article, which states: "Incidentally, D-Link’s DIR-505 & DIR-505L travel routers is also affected by this bug, as it has a nearly identical my_cgi.cgi binary.")

Description

To preserve the author's intent and the accuracy of the disclosure, please read it at: Link (This article is for the D-Link DSP-W215; please refer to the bottom of the article, which states: "Incidentally, D-Link’s DIR-505L travel router is also affected by this bug, as it has a nearly identical my_cgi.cgi binary.")

The author discovered the exploits by inspecting the firmware and recognizing how the mobile applications utilize the Home Network Administration Protocol (HNAP) to configure the smart plug.

By accessing the device application for the plug through the HNAP protocol, a malicious user can access device information without authentication. Once this information is disclosed, an exploit can be pushed to the device, crashing the application and giving the malicious user access to the core operating system to perform further exploits. This can lead to the device being reconfigured and/or becoming unstable.

Since the product is an application on the LAN side of your home network, the malicious user would have to have exploited the home network or have direct access to the network on which the device is located.

Affected Product

| Model Name | HW Version | Current FW Version | New FW Version for this exploit fix |
|---|---|---|---|
| DAP-1320 | Ax | v. 1.02b07 and older | FW: 1.21b01 (Release Notes: Link) |
| DIR-505 | Ax | v. 1.07 and older | FW: 1.08b10 (Release Notes: Link) |
| DIR-505L | Ax | v. 1.01 and older | FW: Pending |

Security patch for your D-Link Devices

These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.