SB2017090805 - Multiple vulnerabilities in D-Link DIR-850L

Published: September 8, 2017 Updated: January 23, 2019

Security Bulletin ID: SB2017090805
Severity: High
Patch available: NO
Number of vulnerabilities: 19
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 11%, Low: 89%

Description

This security bulletin contains information about 19 security vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2016-10179)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to the lack of proper firmware protection. A remote attacker can use a hardcoded password to gain access to the firmware and upload new firmware to the router.

2) Cross-site scripting (CVE-ID: CVE-2017-14413)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.


3) Information disclosure (CVE-ID: CVE-2017-14419)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper privileges and access controls. A remote attacker can retrieve the admin password from the router and use it to associate the user's router with their own MyDLink cloud account, effectively taking control over the device.


4) Information disclosure (CVE-ID: CVE-2017-14417)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper encryption of the TCP tunnel in the MyDLink cloud protocol. A remote attacker can view communications between the user's router and the MyDLink account.


5) Man-in-the-middle attack (CVE-ID: CVE-2017-14422)

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists due to the use of hardcoded private encryption keys for the TCP tunnel. A remote attacker can extract these encryption keys and perform MitM attacks to read and modify arbitrary data on the system.


6) Backdoor (CVE-ID: CVE-2016-10178)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to the presence of backdoor code. A remote attacker can obtain passwords via 'PUT' and 'GET' requests, use the backdoor account Alphanetworks / wrgac25_dlink.2013gui_dir850l to gain access to the router, and update the firmware with a custom.


7) Security restrictions bypass (CVE-ID: CVE-2017-14423)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to bypass security restrictions, alter DNS settings and perform further routing and brute-force attacks.


8) Information disclosure (CVE-ID: CVE-2017-14424)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to the storage of credentials in cleartext. A local attacker can view arbitrary files on the system.


9) Command injection (CVE-ID: CVE-2017-14429)

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to a command injection flaw in the router's internal DHCP client. A remote attacker can inject and execute arbitrary commands to perform actions with root privileges.


10) Denial of service (CVE-ID: CVE-2017-14430)

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to an unspecified error. A remote attacker can cause router daemons to crash.


11) Information disclosure (CVE-ID: CVE-2017-14420)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper privileges and access controls. A remote attacker can retrieve the admin password from the router and use it to associate the user's router with their own MyDLink cloud account, effectively taking control over the device.


12) Information disclosure (CVE-ID: CVE-2017-14418)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to improper encryption of the TCP tunnel in the MyDLink cloud protocol. A remote attacker can view communications between the user's router and the MyDLink account.


13) Cross-site scripting (CVE-ID: CVE-2017-14416)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.


14) Cross-site scripting (CVE-ID: CVE-2017-14415)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.


15) Cross-site scripting (CVE-ID: CVE-2017-14414)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.


16) Information disclosure (CVE-ID: CVE-2017-14428)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to the storage of credentials in cleartext. A local attacker can view arbitrary files on the system.


17) Information disclosure (CVE-ID: CVE-2017-14427)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to the storage of credentials in cleartext. A local attacker can view arbitrary files on the system.


18) Information disclosure (CVE-ID: CVE-2017-14426)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to the storage of credentials in cleartext. A local attacker can view arbitrary files on the system.


19) Information disclosure (CVE-ID: CVE-2017-14425)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to the storage of credentials in cleartext. A local attacker can view arbitrary files on the system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.