Three critical vulnerabilities can be chained to take full control of D-Link routers

Researchers from the Silesian University of Technology in Poland discovered several flaws that could be exploited to take control over some models of D-Link routers

A group of digital forensics investigators from the Silesian University of Technology in Poland reported the founding of three vulnerabilities in some D-Link router models that could be chained to take full control over the devices.

The reported flaws, and their respective identification codes, are a directory traversal (CVE-2018-10822), a password stored in plaintext flaw (CVE-2018-10824), and a Shell command injection vulnerability (CVE-2018-10823).

“We found multiple vulnerabilities on the httpd server of the D-Link router. These vulnerabilities are present in multiple router models of the D-Link company. The three vulnerabilities taken together would allow someone to take full control over the router, including code execution”, is read in the security notice of the experts in digital forensics.

Vulnerabilities reside on the httpd server of some D-Link routers, including models DWR-116, DWR-111, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, and DWR-921.

Researchers found a directory traversal vulnerability, tracked as CVE-2018-10822, which could be exploited by remote attackers to read arbitrary files using an HTTP request. The problem was initially reported to D-Link with the key CVE-2017-6190, but the company did not correctly fix the vulnerability.

This error could be exploited to access the file that stores the device administrator password in text format, without encryption.

The password storage in plaintext flaw was tracked as CVE-2018-10824. To avoid any kind of abuse, experts did not disclose the route of the files on the router.

The investigators also reported on another bug, traced as CVE-2018-10823, which could be exploited by an authenticated attacker to execute arbitrary commands and take control of the device.

The team of researchers reported the vulnerabilities to D-Link last May, but the vendor has not yet released updates to correct them, so the experts proceeded to publicly disclose the security issues. D-Link is in process to publish the patches and fixes these bugs; in the meantime, users could ensure that their devices are not accessible via online tools such as Shodan as a basic security measure.

Again, this company is facing serious security issues; recently a group of hackers stole code signature certificates from the manufacturer of router and D-Link cameras, employing them to spread a malware to steal passwords, as reported by specialists in digital forensics from the International Institute of Cyber Security last July.