Overview
Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Exploiting this vulnerability may cause the device to become unstable and unreliable. Planex and Alpha Networks devices may also be affected; please contact these vendors directly at their regional websites.
D-Link Security Incident Response Policy
All public communication on this issue will be offered at http://securityadvisories.dlink.com/security/
Our security response team can be contacted for incident information or to report incidents at security@dlink.com
For any non-critical security issue, help in updating firmware, or configuration regarding this issue, please contact your D-Link customer care channel.
Reference
US-CERT - VU#248083 - http://bit.ly/17w4qzK
CVE-2013-6026 - Craig Heffner - http://1.usa.gov/Ha5DG4
CVE-2013-6027 - Craig Heffner - http://1.usa.gov/Ha5DG0
Craig Heffner, Tactical Network Solutions & Independent Security Professional - http://bit.ly/1bOtb1F
General Disclosure
Security and performance are of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed. We will continue to update this page to include the relevant product firmware updates addressing these concerns. In the meantime, you can exercise the cautions below to avoid unwanted intrusion into your D-Link router.
Immediate Recommendations for all D-Link router customers
- Do not enable the Remote Management feature, since this will allow malicious users to use this exploit from the internet. Remote Management is disabled by default on all D-Link routers and is included for customer care troubleshooting if useful and the customer enables it.
- If you receive unsolicited e-mails that relate to security vulnerabilities and prompt you to action, please ignore them. Clicking on links in such e-mails could allow unauthorised persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.
- Make sure that your wireless network is secure.
Details
If the device owner has enabled the 'Remote Management' feature on the affected device, or a malicious attacker has found a way to enable this feature, this exploit allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header. Should an affected device be exploited under CVE-2013-6026 (http://1.usa.gov/Ha5DG0), the user runs the risk of attacks presented in CVE-2013-6027. CVE-2013-6027 (http://1.usa.gov/Ha5DG0) describes a stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers that might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
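The two indicators described above can be searched for in HTTP access logs. The following is an added example, not D-Link code: it assumes a proxy or sensor in front of the management interface writes Combined Log Format, and the function names, the 64-character cut-off and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"   # CVE-2013-6026, from the advisory
PING_PATH = "/tools/tools_misc.xgi"              # CVE-2013-6027, from the advisory
PING_PARAM = "set/runtime/diagnostic/pingIp"
MAX_PING_LEN = 64   # assumed cut-off for "long"; tune to your environment
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return finding tags for one log line; ['unparsed'] if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    findings = []
    if BACKDOOR_UA in m["ua"]:   # substring match: flags the string anywhere in the header
        findings.append("CVE-2013-6026-user-agent")
    url = urlsplit(m["target"])
    if url.path.lower().endswith(PING_PATH):
        values = parse_qs(url.query, keep_blank_values=True).get(PING_PARAM, [])
        if any(len(v) > MAX_PING_LEN for v in values):
            findings.append("CVE-2013-6027-long-pingIp")
    return findings

def scan(lines):
    """Return [(line_number, source_ip, findings)] for non-blank lines needing review."""
    hits = []
    for n, line in enumerate(lines, 1):
        findings = classify(line) if line.strip() else []
        if findings:
            hits.append((n, line.split(" ", 1)[0], findings))
    return hits

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE = [
    '192.0.2.10 - - [14/Oct/2013:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Oct/2013:10:00:05 +0000] "GET / HTTP/1.1" 200 900 "-" "xmlset_roodkcableoj28840ybtide"',
    '198.51.100.3 - admin [14/Oct/2013:10:02:00 +0000] "GET /Tools/tools_misc.xgi?'
    'set/runtime/diagnostic/pingIp=' + "A" * 300 + ' HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - admin [14/Oct/2013:10:03:00 +0000] "GET /Tools/tools_misc.xgi?'
    'set/runtime/diagnostic/pingIp=192.0.2.1 HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Lines that do not parse are reported as "unparsed" rather than dropped, so a malformed request line still gets reviewed.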
Affected Products
WW= Worldwide English Version - Used in North America CN=China EU=Europe FR=France DE=Germany KR=Korea TW=Taiwan RU=Russia
Security patch for your D-Link router
These firmware updates address the security vulnerabilities in affected D-Link routers. D-Link will update this continually and we strongly recommend that all users install the relevant updates.
As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, it can also be found in the device web configuration.
Please make sure you follow the firmware install guide provided within the ZIP firmware package.
DIR-100 Revision A1
The new firmware 1.14B02 that fixes the security vulnerabilities
1.14B02 Worldwide (1.14B02 (WW))
1.14B02 Regional (CN, EU, FR, DE, KR, TW)
WW= Worldwide English Version - Used in North America CN=China EU=Europe FR=France DE=Germany KR=Korea TW=Taiwan RU=Russia
DIR-120 Revision A1
The new firmware 1.05B02 that fixes the security vulnerabilities
1.05B02 (WW)
1.05B02 (RU)
WW= Worldwide English Version - Used in North America RU=Russia
DI-524 Revision E3/E4
The new firmware 5.13B01 that fixes the security vulnerabilities
5.13B01 (WW)
WW= Worldwide English Version - Used in North America
DI-524UP Revision A1/A2
The new firmware 1.08B02 that fixes the security vulnerabilities
1.08B02 (WW)
WW= Worldwide English Version - Used in North America
DI-604UP Revision A1
The new firmware 1.04B02 that fixes the security vulnerabilities
1.04B02 (WW)
WW= Worldwide English Version - Used in North America
DI-604+ Revision A1
The new firmware 1.11B03 that fixes the security vulnerabilities
1.11B03 (WW)
WW= Worldwide English Version - Used in North America
DI-624S Revision B1/B2
The new firmware 1.12B02 that fixes the security vulnerabilities
1.12B02 (WW)
1.12B02 (TW)
WW= Worldwide English Version - Used in North America TW=Taiwan
TM-G5240 Revision A1
The new firmware 4.01B02 that fixes the security vulnerabilities
4.01B02 (WW)
WW= Worldwide English Version - Used in North America