D-Link routers exposed to remote file upload and command injection vulnerabilities

ID MYHACK58:62201560030
Type myhack58
Reporter Anonymous
Modified 2015-03-17T00:00:00


D-Link routers have had a good many security problems. Not long ago a remote command injection vulnerability was disclosed in its home routers, and now two more remotely exploitable vulnerabilities have been found in its firmware. An attacker who exploits them can remotely gain router permissions and even execute arbitrary code on the victim's device.

Vulnerability one: file upload

An attacker can remotely upload their own files to a vulnerable router, and can therefore create, modify, or delete information on the victim's device. The attacker may also exploit the vulnerability to execute arbitrary code on the victim's device.

The affected router models are:

DCS-930L, DCS-931L, DCS-932L, DCS-933L

Earlier reports said that firmware version 1.04 was vulnerable, but the problem goes well beyond that: the most recent announcement makes clear that the affected range has expanded again, and firmware versions before 2.0.17-b62 are also affected.

Vulnerability two: remote injection

The second vulnerability is also a firmware flaw, mainly in firmware version 1.11 of the DAP-1320 Rev Ax. The firmware update mechanism contains a command injection vulnerability, so a remote unauthorized attacker can execute malicious commands on the victim's device. The attack requires the use of common, readily available tools to hijack and manipulate network communications.

Security recommendations

The vulnerabilities above have now been fixed, and users running the firmware versions listed above should update their router firmware as soon as possible. In addition, a separate fix announcement states that vulnerabilities in the DIR-626L, 808L, 820L, 826L, 830L, and 836L home router models have also been fixed; users of those models should update to the latest version.
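
To apply these recommendations across a device inventory, the following added example (not part of the original advisory or any D-Link tooling) checks model and firmware pairs against the ranges stated above. The version-string format, the suffix matching of the short model names, the status labels, and the inventory rows are assumptions constructed for illustration.

```python
import re

# Affected ranges exactly as stated in the advisory text above.
CAMERA_MODELS = {"DCS-930L", "DCS-931L", "DCS-932L", "DCS-933L"}
CAMERA_FIXED = "2.0.17-b62"   # firmware before this build is affected
DAP1320_AFFECTED = "1.11"     # DAP-1320 Rev Ax; the only version the page names
# Models the page lists as fixed without giving a version number.
UPDATE_TO_LATEST = {"DIR-626L", "808L", "820L", "826L", "830L", "836L"}

def version_key(text):
    """Turn '2.0.17-b62' or '1.04' into a comparable ((2, 0, 17, 0), 62)."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(?:-?b(\d+))?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))          # pad so 2.0 == 2.0.0
    return nums, int(m.group(2) or 0)       # missing build sorts lowest

def assess(model, firmware):
    """Classify one device using only the ranges given in this advisory."""
    model = model.strip().upper()
    if model in CAMERA_MODELS:
        return "affected" if version_key(firmware) < version_key(CAMERA_FIXED) else "ok"
    if model.startswith("DAP-1320"):
        # Other versions are not described on the page, so ask for a manual check.
        return "affected" if version_key(firmware) == version_key(DAP1320_AFFECTED) else "verify"
    if any(model.endswith(suffix) for suffix in UPDATE_TO_LATEST):
        return "update-to-latest"
    return "not-listed"

INVENTORY = [  # constructed sample data, not real devices
    ("DCS-932L", "1.04"),
    ("DCS-930L", "2.0.17-b62"),
    ("DCS-933L", "2.0.17-b10"),
    ("DAP-1320", "1.11"),
    ("DIR-820L", "1.02"),
    ("DIR-615", "5.10"),
]

def audit(inventory):
    return [(model, fw, assess(model, fw)) for model, fw in inventory]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("%-10s %-12s %s" % row)
```

A status of "ok" means only that the firmware falls outside the range this advisory describes; "verify" and "not-listed" devices still need to be checked against the vendor's own announcements.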