Home > Cyber News > CVE-2017-6206 Found in D-Link DGS-1510 Enterprise Switch Kit
CYBER NEWS

CVE-2017-6206 Found in D-Link DGS-1510 Enterprise Switch Kit

by   |  Last Update:  |  0 Comments  

In January 2017 the Federal Trade Commission started suing the Taiwanese router production company D-Link because of vulnerabilities in their Wi-Fi routing devices and web cameras. Those vulnerabilities could allow attackers to exploit the devices.

Almost two months later, security researcher Varang Amin discovered more flaws in D-Link’s DGS-1510 enterprise switch kit. Fortunately, the flaws are already fixed with a firmware update. If the bug, now identified as CVE-2017-6206, was left unpatched, unauthenticated command bypass could have been created that could have led to unauthenticated information disclosure.

Related: D-Link Sued by FTC Because of Security Issues

CVE-2017-6206 Official Description

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.

Such authentication bypass vulnerabilities could be exploited by an attacker to execute remote control and local commands on the D-Link enterprise switch, as explained by the researcher.

The vendor releases the patch as a beta but it should be applied as soon as possible as there’s a range of possible attacks on systems left unpatched. The potential exploits include extracting config files with network information, adding a new admin account prior to taking full control of switch, the researcher said.

The vulnerability can be exploited from any remote location on the internet. The PoC highlights that fact. We have found dozens of these systems available on the internet but we do not have exact numbers as we did not conduct any specific tests to obtain the numbers.

Related: D-Link Security Exploit Threatens 120 Products and 400,000 + Devices

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Pwned from LAN to WAN: Discontinued D-link Router Full of Flaws Owners of a particular D-Link router model are at serious...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. Privacy Switch Redirect – How to Remove It This article is created in help of all users who...
  4. CVE-2017-5891, CVE-2017-5892 Found in Asus RT Wireless Routers ASUS RT wireless router owners, beware! If you haven’t updated...
  5. Google, Microsoft Bugs Top the 20 Most Prevalent Enterprise Vulnerabilities Cybersecurity firm Tenable just released their Vulnerability Intelligence Report which...
  6. CVE-2017-2750 in HP Enterprise-Grade Printers Fixed New day, new vulnerability. HP has just released firmware patches...
  7. CVE-2017-0016, CVE-2017-0037, CVE-2017-0038 – What Are the Mitigations? CVE-2017-0016, CVE-2017-0037, CVE-2017-0038 are three recently uncovered Microsoft vulnerabilities that...
  8. The Best Linux Server Distributions in 2017 Gnu/Linux is one of the leading server operating systems due...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree