Security Announcement
Misfortune Cookie / RomPager Vulnerability - Allegro RomPager Vulnerability / rom-0 Authentication Bypass
Publication ID: SAP10059
Resolved Status: Partial
Published on: 11 June 2015 1:32 GMT
Last updated on: 16 July 2015 10:03 GMT

Overview

 

A third party has reported that the AllegroSoft RomPager web server (4.34 and earlier) may allow a malicious user to gain access to an affected device and its configuration. The web server is used to present the device's configuration to a user's web browser for customization. The vulnerability is exploited by sending a specially crafted web browser cookie, which triggers memory corruption and halts the device's running software. If the device's software halts, it may provide access to the operating system's command prompt. Until mid-2014 the vulnerability was known as the Rom-0 or RomPager vulnerability. Recently it was sensationalized as the "Misfortune Cookie" vulnerability by Check Point Software Technologies, Inc.

 

Affected D-Link models are limited to some carrier xDSL broadband gateways and one consumer router sold internationally (non-US). Please see the Affected Model list below.

 

Most affected models run carrier-specific certified firmware, which must be offered by the carrier based upon agreements. D-Link gateways received from a carrier should receive patches automatically from that carrier. We encourage you to contact your carrier's support if you have an affected device on the list below.

 

If you acquired a device outside a carrier service, or a device that has been repurposed, please see the list below for the most up-to-date information.
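
A defender-side inventory check for the RomPager version range named in the Overview, as an added example that is not part of D-Link's advisory: it parses `Server` response headers already recorded from devices you administer and flags RomPager 4.34 and earlier. The `RomPager/<version>` banner format is an assumption about how the web server identifies itself, the hosts and headers are constructed sample data, and a match is only a triage indicator to confirm against the Affected Product list.

```python
import re
from decimal import Decimal

# Highest RomPager release the advisory lists as affected ("4.34 and earlier").
LAST_AFFECTED = Decimal("4.34")

# Assumed banner format: RomPager names itself in the HTTP Server header,
# e.g. "RomPager/4.07 UPnP/1.0".
BANNER_RE = re.compile(r"\bRomPager/(\d+\.\d+)", re.IGNORECASE)


def rompager_version(server_header):
    """Return the RomPager version from a Server header, or None if absent."""
    match = BANNER_RE.search(server_header or "")
    return Decimal(match.group(1)) if match else None


def triage(inventory):
    """Map each host to 'affected', 'newer-rompager' or 'not-rompager'."""
    result = {}
    for host, server_header in inventory:
        version = rompager_version(server_header)
        if version is None:
            result[host] = "not-rompager"
        elif version <= LAST_AFFECTED:
            result[host] = "affected"
        else:
            result[host] = "newer-rompager"
    return result


# Constructed sample: Server headers recorded from devices you administer.
SAMPLE_INVENTORY = [
    ("192.0.2.1", "RomPager/4.07 UPnP/1.0"),
    ("192.0.2.2", "RomPager/4.34"),
    ("192.0.2.3", "RomPager/4.51 UPnP/1.0"),
    ("192.0.2.4", "lighttpd/1.4.35"),
    ("192.0.2.5", None),  # device returned no Server header
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```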

 

References

 

CVE-2014-9222 :: Rompager Misfortune Cookie Vulnerability :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222

CVE-2014-9223 :: Rompager Digest Buffer Overflow Vulnerability :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9223

Check Point Software Technologies :: Misfortune Cookie Reference  :: https://www.checkpoint.com/downloads/partners/Misfortune_Cookie_FAQ.pdf 
+1-917-754-3013 :: press@us.checkpoint.com

 

Description

 

To preserve the third party's intent, please refer to the original disclosure at: http://www.kb.cert.org/vuls/id/561444

 

Based on the frequent updates and detailed information offered by Check Point Technologies, we ask technical users to consult the link above for the best accuracy.

 

 

General Recommendations

 

All devices on your network should have log-in credentials. If your network has WiFi, please make sure WiFi encryption keys are enabled. For legacy devices that cannot notify the owner of new software updates, check for updates from the device's manufacturer.

 

Update immediately to the fixed firmware listed in the table below when it is available. Please continue to monitor this page for further updates and disclosures.

 

D-Link recommends your D-Link device's remote network management feature remain disabled (factory default is disabled) to mitigate a malicious remote user using this vulnerability to exploit your device.  If remote network management is disabled, a malicious user would require access to the router's local network or have compromised another device on the local network to perform further exploits.

 

D-Link recommends that all devices connected to the local network (PCs, Macs, tablets, mobiles, etc.) are up to date and scanned for viruses, bots, or other damaging software that could compromise the network.

 

WiFi encryption reduces the risk from this vulnerability when the device's web configuration is accessed over WiFi. If the device's WiFi network has encryption enabled, it will mitigate the risk of a malicious user compromising the device.

 

The default configuration of D-Link's devices is intended to provide simple installation and ease of use, and to offer wide interoperability. D-Link Systems (D-Link US) reminds customers to configure their devices specifically for the security concerns within their network infrastructure. In general, D-Link Systems (D-Link US) recommends disabling services not being used, changing/securing device log-in credentials, enabling WiFi encryption, and monitoring the device's log files to minimize security risks for your entire network.

 

 

Affected Product

| Model Name | HW Version | Product Status | Affected FW Version | FW Version Fix for Exploit |
|---|---|---|---|---|
| DSL-320B | D1 / D2 | EOL / EOL | 1.23 and earlier | Not Affected :: No Web Server :: Latest FW for D1; Not Affected :: No Web Server :: Latest FW for D2 (Updated 07/16/2015) |
| DSL-321B | Dx / Zx | EOL / EOL | 1.01 and earlier / 1.14 and earlier | Not Affected :: No Web Server :: Latest FW for D2; Not Affected :: No Web Server :: Latest FW for Zx (Updated 07/16/2015) |
| DSL-2640R/CPW | All | EOL | 1.24 and earlier | FW: 1.25 09/16/2014; Release Notes: Link (Updated 07/16/2015) |
| DSL-2640R/EU | All | EOL | 1.18 and earlier | FW: 1.19 09/16/2014; Release Notes: Link (Updated 06/10/2015) |
| DSL-2680/TT | All | EOL | 1.17 and earlier | FW: 1.18 09/12/2014; Release Notes: Link (Updated 07/16/2015) |
| DSL-2780/TT | All | EOL | 2.04 and earlier | Please see carrier Link (Updated 06/11/2015) |
| DSL-2680/AOL | All | EOL | 1.12 and earlier | FW: 1.13 09/12/2014; Release Notes: Link (Updated 07/16/2015) |
| DSL-2680/UK | All | EOL | 1.00 and earlier | FW: 1.01 09/23/2014; Release Notes: Link (Updated 07/16/2015) |
| DSL-2680/EU | All | EOL | 1.00 and earlier | FW: 1.01 09/23/2014; Release Notes: Link (Updated 07/16/2015) |
| DSL-2740R/CPW | All | EOL | 1.21 and earlier | FW: 1.22 09/17/2014; Release Notes: Link (Updated 07/16/2015) |
| DSL-3680/TT | All | Shipping | Determined by Carrier | Please see carrier Link (Updated 06/10/2015) |
| DSL-3780/TT | All | Shipping | Determined by Carrier | Please see carrier Link (Updated 06/10/2015) |
| DSL-2730R | All | Never Ship/EOL | NA | NA (Updated 06/10/2015) |
| DSL-2740R | All | EOL | 1.02 and earlier | FW: 1.03 09/23/2014; Release Notes: Link (Updated 07/16/2015) |
| GO-DSL-N151 | All | Shipping | 1.06 and earlier | FW: 1.07 12/19/2014; Release Notes: Link (Updated 07/16/2015) |
| DSL-2600U | All | Never Ship/EOL | NA | NA (Updated 06/10/2015) |
| DSL-2700U | All | Shipping | 1.14 and earlier | Please contact Regional D-Link Office FW: 1.15 (Updated 06/10/2015) |

 

Security patch for your D-Link Devices

 

These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this page continually, and we strongly recommend that all users install the relevant updates.

 

As our products come in different hardware revisions, please check the revision of your device before downloading the corresponding firmware update. The hardware revision can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device's web configuration.