• Home Support Forums Security Advisories Shop     English | French
Security Announcement
Announcement > SAP10037
OSPF Feature Vulnerability - Recommendations for D-Link Products supporting OSPF
Publication ID: SAP10037
Resolved Status: Yes
Published on: 3 July 2014 5:21 GMT
Last updated on: 17 July 2014 6:46 GMT

Overview

 

The OSPF vulnerability can allow an attacker to re-route traffic through their own router, compromising the confidentiality of the data, or to conduct a Denial of Service attack against a router, dropping all traffic.

 

D-Link Security Incident Reponse Policy

 

All public communication on this issue will be offered at http://securityadvisories.dlink.com/security/

Our security response team can be contacted for incident information or to report incidents at security@dlink.com

Any non-critical security issue, help in updating firmware, or configuration regarding this issue please contact your D-Link Customer care channel.

 

Reference

 

CERT - VU#229804

NIST - CVE-2013-0149

 

 

General Disclosure

 

Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.  We will continue to update this page to include the relevant product firmware updates addressing these concerns. In the meantime, you can exercise the below cautions to avoid unwanted intrusion into your D-Link product.

 

Immediate Recommendations for all D-Link customers

     

  • Do not enable the Remote Management feature since this will allow malicious users to use this exploit from the internet.  Remote Management is default disabled on all D-Link Devices and is included for customer care troubleshooting if useful and the customer enables it.
  • If you receive unsolicited e-mails that relates to security vulnerabilities and prompt you to action, please ignore it. When you click on links in such e-mails, it could allow unauthorzed persons to access your device. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.
  • Make sure that your wireless network is secure.
  • Do not provide your admin password to anyone. If required we suggest updating the password frequently.

 

Description

 

We encourage you to contact the author for further infomation at http://www.kb.cert.org/vuls/id/229804. The author can provide furhter details.

 

D-Link distributes a number of devices which could potentially be affected by this vulnerability; chiefly, any L3 managed switch that supports OSPF has the possibility of being subject to this attack.

Work Arounds:


D-Link is working to reduce the potential impact of this vulnerability, which is a result of an ambiguous standard. Currently we advise the following:


As always, adhering to best practices will be the strongest defense against attacks. As long as your physical devices, networks, and protocols are secured, it will be very difficult for an attacker to insert a rogue LSA to initiate this type of attack.



First, this vulnerability does not defeat cryptographic (MD5) authentication, we recommend a strong MD5 authentication key as your best defense.  We also recommend that administrators enable the OSPF passive interface feature to  stop sending or receiving routing table updates on interfaces that do not participate in  OSPF.


Finally, we recommend that networks use MAC-based Access Control (MAC) to authenticate devices before they are able to communicate with the network. The MAC feature is a client-less design so there is no need to install extra software on a user’s computer, and ensures that only devices on a whitelist will have access to the network. When used in conjunction with common security best practices, it can help to strongly limit the possible vectors of attack.


D-Link is monitoring the situation for an update to the standard that can be implemented  to protect potentially affected devices.


 

 

Affected Products

 

 

Model Name

HW Version

Current FW Version

New FW Version for this exploit fix

DES-38xx Series

All

All

If using OSPF Feature, please use current workaround till more information is available
DES-72xx Series All All If using OSPF Feature, please use current workaround till more information is available
DGS-36xx Series All All If using OSPF Feature, please use current workaround till more information is available
DGS-3120 Series Rev. B and newer with s/w upgrade Requires upgrade to enable feature If using OSPF Feature, please use current workaround till more information is available
DGS-66xx Series All All If using OSPF Feature, please use current workaround till more information is available
DXS-3600 Series All All If using OSPF Feature, please use current workaround till more information is available
DFL-8xx and larger Series All All If using OSPF Feature, please use current workaround till more information is available

 

Security patch for your D-Link router

 

These firmware updates address the security vulnerabilities in affected D-Link routers. D-Link will update this continually and we strongly recommend all users to install the relevant updates.

 

As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.

 

To update the firmware please log-in to the Web-GUI interface of your device, from the menu select Maintanence -> System -> Upgrade Firmware. If you require help please contact your regional D-Link customer care website for options.