CVE-2017-6206 Found in D-Link DGS-1510 Enterprise Switch Kit

In January 2017 the Federal Trade Commission sued the Taiwanese router manufacturer D-Link over vulnerabilities in its Wi-Fi routers and web cameras. Those vulnerabilities could allow attackers to exploit the devices.

Almost two months later, security researcher Varang Amin discovered more flaws in D-Link’s DGS-1510 enterprise switch kit. Fortunately, the flaws have already been fixed with a firmware update. Left unpatched, the bug, now identified as CVE-2017-6206, allows an unauthenticated command bypass that could lead to unauthenticated information disclosure.

CVE-2017-6206 Official Description

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.

Such authentication bypass vulnerabilities could be exploited by an attacker to execute remote control and local commands on the D-Link enterprise switch, as explained by the researcher.

The vendor released the patch as a beta, but it should be applied as soon as possible, because systems left unpatched are exposed to a range of possible attacks. The potential exploits include extracting config files with network information and adding a new admin account prior to taking full control of the switch, the researcher said.

The vulnerability can be exploited from any remote location on the internet. The PoC highlights that fact. We have found dozens of these systems available on the internet but we do not have exact numbers as we did not conduct any specific tests to obtain the numbers.
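To find switches still running firmware older than the fixed release, an inventory can be checked against the model list and version in the CVE description. The script below is an added example, not code from the researcher or D-Link; the `major.minor.B<build>` firmware format is an assumption based on the one version string quoted above, and the hosts and firmware values in the sample inventory are constructed.

```python
import re

# Affected models and fixed firmware version, taken from the CVE description.
AFFECTED_MODELS = {
    "DGS-1510-28XMP", "DGS-1510-28X", "DGS-1510-52X", "DGS-1510-52",
    "DGS-1510-28P", "DGS-1510-28", "DGS-1510-20",
}
FIXED_VERSION = "1.31.B003"

# Assumption: firmware strings follow the "major.minor.B<build>" shape of the
# fixed version quoted in the advisory.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.B(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, build) as integers, or None if not recognised."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(model, firmware):
    """Return 'not-listed', 'patched', 'vulnerable' or 'unknown'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"  # model is not named in this CVE
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # unparseable firmware string: verify by hand
    # Compare numerically so that 1.9 sorts before 1.31, unlike a string compare.
    return "vulnerable" if version < parse_version(FIXED_VERSION) else "patched"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, model, firmware)."""
    return {host: classify(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (hosts, firmware strings and the last model are made up).
SAMPLE_INVENTORY = [
    ("sw-core-01", "DGS-1510-28X", "1.30.B017"),
    ("sw-core-02", "DGS-1510-52", "1.31.B003"),
    ("sw-edge-03", "dgs-1510-20", "1.31.b002"),
    ("sw-edge-04", "DGS-1510-28P", "n/a"),
    ("sw-lab-05", "EXAMPLE-SW-24", "2.00.B001"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` should be treated as unpatched until their firmware version is confirmed.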

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
