Overview
The Several of D-Link's Wireless Routers contains a vulnerability that allows a malicious user to escalate privilege using normally unprivileged HNAP commands. This allow them to inject arbitrary commands into the router.
References
Zhang Wei (Qihoo360 ADLAB) (Link to follow)
Description
An attacker who wishes to gain acces to the router sends an unprivileged HNAP command such as GetDeviceSettings, they append to the command an additional command separated with an "/", which is used as a separator between commands. Any command(s) after the first will be executed unauthenticated. Additionally, additional commands will be passed directly to the underlying Linux system, allowing the injection of arbitrary system commands.
The GetDeviceSettings HNAP Command is used to indicate some very common parameters (e.g. the domain name of the HNAP device), as well as to define which HNAP commands are available.
Affected Product
Model Name
|
HW Version
|
Vulnerable FW Versions
|
Current FW Versions (include fixes)
|
DAP-1522 |
B1 |
2.01B01 and older |
Patch Notes: Link
(Updated: 04/25/2015)
|
DIR-300 |
B1 |
2.15B01 and older |
Patch Notes: Link
(Updated: 04/25/2015)
|
DIR-600 |
B1 |
2.17B02 and older |
Patch Notes: Link
(Updated: 04/25/2015)
|
DIR-629 |
A1 |
1.01 and older |
|
DIR-645 |
A1 |
1.04B12 and older |
Patch Notes: Link
|
DIR-815 |
B1 |
2.03B08 and older |
Patch Notes: Link
(Updated: 04/24/2015)
|
DIR-816L |
A1 |
1.00 and older |
Patch Notes: Link
(Updated: 04/23/2015)
|
DIR-816L |
B1 |
2.05B02 and older |
Patch Notes: Link
(Updated: 04/22/2015)
|
DIR-817LW |
A1 |
1.03B05 and older |
Patch Notes: Link
(Updated: 04/22/2015)
|
DIR-818L |
A1 |
1.04B03 and older |
Patch Notes: Link
(Updated: 04/21/2015)
|
DIR-818LW |
B1 |
2.03B01 and older |
Patch Notes: Link
(Updated: 04/21/2015)
|
DIR-820LW |
B1 |
2.01 and older |
Patch Notes: Link
(Updated: 04/24/2015)
|
DIR-850L |
A1/B1 |
A1: 1.12B05 and older
B1: 2.03B01 and older
|
(Updated: 04/24/2015)
|
DIR-860L |
A1/B1 |
A1: 1.09B06 and older
B1: 2.01B03 and older
|
(Updated: 04/24/2015)
|
DIR-865L |
A1 |
1.07B01 and older |
(Updated: 04/24/2015) |
DIR-868L |
A1 |
1.10B03 and older |
(Updated: 04/24/2015) |
DIR-880L |
A1 |
1.03b11 and older |
|
DIR-890L
|
A1 |
1.06b01 and older |
Patch Notes: Link
(Updated: 04/16/2015)
|
Security patch for your D-Link Devices
These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.