
CVE-2017-6206 Found in D-Link DGS-1510 Enterprise Switch Kit

In January 2017 the Federal Trade Commission sued the Taiwanese router production company D-Link over vulnerabilities in its Wi-Fi routing devices and web cameras. Those vulnerabilities could allow attackers to compromise the devices.

Almost two months later, security researcher Varang Amin discovered more flaws in D-Link’s DGS-1510 enterprise switch kit. Fortunately, the flaws are already fixed with a firmware update. Left unpatched, the bug, now identified as CVE-2017-6206, allows an unauthenticated command bypass that can lead to unauthenticated information disclosure.


CVE-2017-6206 Official Description

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.

As the researcher explained, an attacker could exploit such authentication bypass vulnerabilities to execute remote and local commands on the D-Link enterprise switch.

The vendor has released the patch as a beta, but it should be applied as soon as possible, because systems left unpatched are exposed to a range of possible attacks. The potential exploits include extracting config files with network information and adding a new admin account prior to taking full control of the switch, the researcher said.

The vulnerability can be exploited from any remote location on the internet. The PoC highlights that fact. We have found dozens of these systems available on the internet but we do not have exact numbers as we did not conduct any specific tests to obtain the numbers.
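To find switches still running firmware older than the fixed release named in the CVE description, an inventory check along these lines can be used. This is an added example, not code from the researcher or D-Link; the CSV layout, host names, sample firmware values and the assumed `<major>.<minor>.B<build>` version format are constructed for illustration.

```python
import csv
import io
import re

# Affected models and first fixed firmware, as given in the CVE description.
AFFECTED_MODELS = {
    "DGS-1510-28XMP", "DGS-1510-28X", "DGS-1510-52X", "DGS-1510-52",
    "DGS-1510-28P", "DGS-1510-28", "DGS-1510-20",
}
FIXED_FIRMWARE = "1.31.B003"

# Assumption: firmware strings look like <major>.<minor>.B<build>, optional "v".
_FW_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.B(\d+))?\s*$", re.IGNORECASE)

def parse_firmware(text):
    """Return (major, minor, build), or None if the string is not understood."""
    m = _FW_RE.match(text)
    if not m:
        return None
    # A missing build number is treated as 0, the most conservative reading.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def audit(inventory_csv):
    """Return (host, model, firmware, status) for every affected-model row."""
    fixed = parse_firmware(FIXED_FIRMWARE)
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        if model not in AFFECTED_MODELS:
            continue  # other product lines are outside this CVE
        fw = parse_firmware(row["firmware"])
        if fw is None:
            status = "UNKNOWN"  # unparseable version: verify by hand
        else:
            status = "VULNERABLE" if fw < fixed else "PATCHED"
        findings.append((row["host"], model, row["firmware"].strip(), status))
    return findings

# Constructed sample inventory (hosts and firmware values are made up).
SAMPLE = """host,model,firmware
sw-core-01,DGS-1510-28X,1.30.B017
sw-edge-02,dgs-1510-52,1.31.B003
sw-lab-03,DGS-1510-20,unknown
sw-other-04,DGS-1210-28,4.10.B012
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Rows reported as `UNKNOWN` should be treated as unpatched until the firmware version is confirmed on the device itself.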


Milena Dimitrova
