Owners of a particular D-Link router model are at serious risk of hacking, researcher Pierre Kim claims. Kim has unveiled 10 serious security flaws in the D-Link DIR-850L AC1200 Dual Band Gigabit Cloud router. His recommendation to users of that model is to disconnect the device from the Internet as soon as possible.
D-Link Discontinued Router Full of Security Vulnerabilities
Even though publicly disclosing vulnerabilities without first getting in touch with the vendor is usually considered unethical at the very least, the researcher has done just that. In defense of his decision, Kim says that D-Link responded inadequately when he contacted them regarding another issue in a different product.
What makes the situation even worse is that the router was recently discontinued by the manufacturer, making it highly likely that it will never be patched. This leaves thousands of users exposed to attacks.
“The Dlink 850L is a router overall badly designed with a lot of vulnerabilities. Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused. My research in analyzing the security of Dlink 850L routers starts from a recent security contest organized by a security company,” the researcher says in his report.
D-Link DIR-850L AC1200 Vulnerabilities: Technical Summary
First of all, the disclosed bugs are all categorized as zero-day flaws even though the classical definition of a zero-day is slightly different. The flaws are, indeed, jaw-dropping. They include:
- A list of bugs in the router’s cloud protocol implementation;
- RevB routers allowing for backdoor access;
- No protection for the router’s firmware on revA hardware that would allow an attacker to upload a new image;
- No authentication and no protection for DNS configuration;
- A bunch of XSS vulnerabilities.
Here is the complete summary of the flaws:
- Firmware “protection”
- WAN && LAN – revA – XSS
- WAN && LAN – revB – Retrieving admin password, gaining full access using the custom mydlink Cloud protocol
- WAN – revA and revB – Weak Cloud protocol
- LAN – revB – Backdoor access
- WAN && LAN – revA and revB – Stunnel private keys
- WAN && LAN – revA – Nonce bruteforcing for DNS configuration
- Local – revA and revB – Weak files permission and credentials stored in cleartext
- WAN – revB – Pre-Auth RCEs as root (L2)
- LAN – revA and revB – DoS against some daemons
This is not the first case of D-Link products being vulnerable. In 2016, a Senrio research team discovered an exploit in some of D-Link’s Wi-Fi cameras that could potentially be used to take full control of hacked devices. The cameras could be deployed for a number of malicious activities, including spying on their owners.
Then, in January 2017, the Federal Trade Commission sued the Taiwanese router manufacturer over vulnerabilities in its Wi-Fi routing devices and web cameras.
Two months later, security researcher Varang Amin discovered more flaws in D-Link’s DGS-1510 enterprise switch kit. Fortunately, the flaws were fixed with a firmware update. Had the bug, now identified as CVE-2017-6206, been left unpatched, it could have allowed an unauthenticated command bypass leading to unauthenticated information disclosure.
As for the current case, owners of the D-Link DIR-850L AC1200 Dual Band Gigabit Cloud router are strongly advised to disconnect their devices from the Internet.