Security Announcement
DAP-1150 Rev. Bx - Multiple Vulnerabilities - CSRF, XSS, Information Disclosure - (FW: Bx: 2.x)
Publication ID: SAP10030
Resolved Status: Open
Published on: 27 June 2014 12:28 GMT
Last updated on: 30 June 2014 8:30 GMT

 

Overview

 

The DAP-1150 Rev. Bx with firmware 2.x and below is susceptible to several CSRF and XSS attacks that may result in Abuse of Feature exploits. These vulnerabilities may allow an attacker to change the configuration or cause the product to become unreliable. The device can run in several modes, including wireless AP and wireless router modes. The issues described in the credited references below can affect the device running in either mode.

 

D-Link Security Incident Response Policy

 

All public communication on this issue will be offered at: http://securityadvisories.dlink.com/security/

Our security response team can be contacted for incident information or to report incidents at security@dlink.com

For any non-critical security issue, help in updating firmware, or configuration questions regarding this issue, please contact your D-Link Customer Care channel.

 

Reference

 

Author : Administrator - http://websecurity.com.ua  

 

2011: http://securityvulns.ru/docs27440.html

2012: http://securityvulns.ru/docs27676.html

2012: http://securityvulns.ru/docs27677.html

April 18, 2014: http://seclists.org/fulldisclosure/2014/Apr/246  /  http://websecurity.com.ua/7112/

 

General Disclosure

 

Security and performance are of the utmost importance to D-Link across all product lines. This applies not just to the development process but also to regular firmware updates that comply with current safety and quality standards. We are proactively working with the sources of these reports and continuing to review the complete product line to ensure that the vulnerabilities discovered are addressed. We will continue to update this page to include the relevant product firmware updates addressing these concerns. In the meantime, you can exercise the cautions below to avoid unwanted intrusion into your D-Link product.

 

Immediate General Recommendations for all D-Link router customers

     

  • Do not enable the Remote Management feature, since this will allow malicious users to use this exploit from the internet. Remote Management is disabled by default on all D-Link routers and is included for customer care troubleshooting, if useful and if the customer enables it.
  • If you receive unsolicited e-mails that relate to security vulnerabilities and prompt you to take action, please ignore them. Clicking on links in such e-mails could allow unauthorised persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages asking you to click or install something.
  • Make sure that your wireless network is secure.
  • Do not provide your admin password to anyone. If required, we suggest updating the password frequently.

 

Description

 

Please read the details from the author at: http://seclists.org/fulldisclosure/2014/Apr/246

 

Details are left to the author's original disclosure to avoid miscommunication and duplication of work and ownership. We offer the following as a summary pulled from the author's linked document.

 

The device is reported to have many CSRF and XSS vulnerabilities in its web configuration pages, regardless of whether the product is running as a wireless AP or a wireless router. The following are examples of exploits that can be performed on the product:

 

- CSRF (WASC-09): In Web-GUI configuration section Firewall / DMZ, it is possible to change the DMZ settings via CSRF.

- CSRF (WASC-09): In Web-GUI configuration section Control / URL-Filter, it is possible to add, edit and delete URL-filter settings.

- Abuse of Functionality (WASC-42): In Web-GUI configuration section Control / URL-Filter, it is possible to block access to URLs.

- XSS (WASC-08): The Web-GUI configuration section Control / URL-Filter, where it is possible to add, edit and delete URL-filter settings, contains a persistent XSS vulnerability.
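
The two controls whose absence makes the CSRF and persistent XSS items above possible, shown as an added sketch (not D-Link firmware code and not taken from the author's disclosure): a settings handler that rejects cross-site and token-less requests, and a renderer that escapes stored URL-filter entries. All names and the admin address are hypothetical.

```python
import hmac
import html
import secrets
from dataclasses import dataclass, field

# Constructed sample value: the origin the admin Web-GUI is served from.
ADMIN_ORIGIN = "http://192.168.0.50"

@dataclass
class Session:
    """Hypothetical logged-in admin session carrying a per-session CSRF token."""
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

def same_origin(headers):
    """Accept only requests whose Origin (or Referer) is the admin GUI itself."""
    source = headers.get("Origin") or headers.get("Referer", "")
    return source == ADMIN_ORIGIN or source.startswith(ADMIN_ORIGIN + "/")

def handle_url_filter_add(session, headers, form, store):
    """Model of the 'add URL-filter' request; returns (status, message)."""
    # CSRF defence 1: a page on another site cannot forge the Origin header.
    if not same_origin(headers):
        return 403, "cross-origin request rejected"
    # CSRF defence 2: the request must carry the token bound to this session.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    entry = form.get("url", "").strip()
    if not entry or len(entry) > 255:
        return 400, "invalid URL-filter entry"
    store.append(entry)  # stored verbatim; it is escaped when rendered
    return 200, "added"

def render_url_filter_rows(filters):
    """Persistent-XSS defence: HTML-escape every stored entry at output time."""
    return "".join(
        f"<tr><td>{html.escape(u, quote=True)}</td></tr>" for u in filters
    )
```
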


 

 

Affected Products

 

 

Model Name: DAP-1150
HW Version: Bx
Current FW Version: Rev: Bx - FW 2.x or older
New FW Version for this exploit fix: Confirmed - Waiting Fix (Updated: 06/26/2014)

 

Security patch for your D-Link router

 

These firmware updates address the security vulnerabilities in affected D-Link routers. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.

 

To update the firmware, please log in to the Web-GUI interface of your device and select Maintenance -> System -> Upgrade Firmware from the menu. If you require help, please contact your regional D-Link customer care website for options.