D-Link Routers Exposed: Ten Critical Vulnerabilities Discovered
A significant security breach has come to light involving routers manufactured by Taiwan-based D-Link. A security researcher has uncovered ten critical zero-day vulnerabilities in the D-Link DIR 850L wireless AC1200 dual-band gigabit cloud routers, potentially putting countless users at risk of cyberattacks. These vulnerabilities encompass a range of serious issues, from trivial cross-site scripting (XSS) flaws to more severe problems such as backdoor access and command injection that could enable remote root access to the devices.
Among the vulnerabilities identified, a complete lack of firmware protection stands out as particularly alarming. This vulnerability allows attackers to upload malicious firmware, compromising the router’s integrity. While D-Link 850L revision A shows no firmware protection at all, revision B employs protection that relies on a hardcoded password, presenting an easy target for skilled attackers. Additionally, several XSS vulnerabilities have been detected both on local and wide-area network (WAN) interfaces of the D-Link 850L routers, which attackers could exploit to hijack authenticated sessions by stealing cookies.
The researcher, Pierre Kim, who previously highlighted severe flaws in D-Link products, opted for public disclosure after being frustrated by the company’s lack of response to earlier reports. This recent discovery could allow attackers not only to intercept connections but also to upload harmful firmware, potentially seizing control of all affected routers and leaving connected devices vulnerable to further cyber threats.
The backdoor access found in D-Link 850L revision B routers enables attackers to gain root shell access, which is a significant escalation in privilege. Moreover, the MyDLink cloud protocol, integral to the routers’ functionality, has been noted to operate without any encryption, posing another significant security risk that could facilitate unauthorized access to user data and router controls.
Given these threats, Kim has advised users to disconnect affected routers immediately to mitigate potential attacks. He emphasized the poorly designed architecture of the D-Link 850L router series, stating that its vulnerabilities span from both local and wide area perspectives, effectively allowing a comprehensive attack surface.
In terms of the potential tactics that might have been utilized in the exploitation of these vulnerabilities, the MITRE ATT&CK framework suggests several possibilities. The initial access may have been established through the aforementioned XSS vulnerabilities, while persistence could be achieved via the backdoor access mechanisms discovered. These vulnerabilities would likely facilitate privilege escalation, allowing attackers to gain elevated rights within the network, thus compromising additional connected devices.
As concerns about cybersecurity continue to grow, this case serves as a crucial reminder of the potential risks associated with networking hardware that lacks robust security measures. As organizations assess their own cybersecurity posture, they must remain vigilant about the vulnerabilities inherent in their technologies.
For further insights into these vulnerabilities, detailed information can be accessed on Pierre Kim’s dedicated website, where he outlines each weakness and the implications for users. The urgency of addressing these vulnerabilities is underscored by the recent scrutiny faced by D-Link following legal challenges from the U.S. Federal Trade Commission regarding the company’s inadequate security practices, which left numerous consumers exposed to cyber threats.