Search...

D-Link DSL-6850U Multiple Vulnerabilities

2018-01-02T00:00:00

ID SSV:97058
Type seebug
Reporter Root
Modified 2018-01-02T00:00:00

Description

Vulnerabilities Summary

The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09.

D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel” The vulnerabilities found are:

Default Credentials

Remote Command Execution

Credit

An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response

Bezeq was informed of the vulnerability on June 9, and released patches to address these vulnerabilities.

Vulnerabilities details

The device has a custom firmware with the following issues:

The Remote Web Management is enabled by default
The default account cannot be disabled

Default Credentials

The default account username is: support

The password is: support

Remote Command Execution

The shell interface allows only a set of commands however you can “bind” them using ‘&&’ ‘||’

Sending the command to the shell:

echo && /bin/bash Will result in a BusyBox shell

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-97058", "status": "details", "bulletinFamily": "exploit", "modified": "2018-01-02T00:00:00", "title": "D-Link DSL-6850U Multiple Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "", "cvelist": [], "description": "### Vulnerabilities Summary\r\nThe following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 \u2013 BZ_1.00.09.\r\n\r\nD-Link DSL-6850U is a router \u201cmanufactured by D-Link for Bezeq in Israel\u201d\r\nThe vulnerabilities found are:\r\n\r\n### Default Credentials\r\nRemote Command Execution\r\n\r\n### Credit\r\nAn independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.\r\n\r\n### Vendor response\r\nBezeq was informed of the vulnerability on June 9, and released patches to address these vulnerabilities.\r\n\r\n### Vulnerabilities details\r\nThe device has a custom firmware with the following issues:\r\n\r\n1. The Remote Web Management is enabled by default\r\n2. The default account cannot be disabled\r\n\r\n#### Default Credentials\r\nThe default account username is:\r\n`support`\r\n\r\nThe password is:\r\n`support`\r\n\r\n#### Remote Command Execution\r\nThe shell interface allows only a set of commands however you can \u201cbind\u201d them using \u2018&&\u2019 \u2018||\u2019\r\n\r\nSending the command to the shell:\r\n\r\n```\r\necho && /bin/bash\r\n```\r\nWill result in a BusyBox shell", "viewCount": 24, "published": "2018-01-02T00:00:00", "sourceData": "", "id": "SSV:97058", "enchantments_done": [], "type": "seebug", "lastseen": "2018-01-02T18:27:01", "reporter": "Root", "enchantments": {"score": {"value": 1.1, "vector": "NONE", "modified": "2018-01-02T18:27:01", "rev": 2}, "dependencies": {"references": [], "modified": "2018-01-02T18:27:01", "rev": 2}, "vulnersScore": 1.1}, "references": []}