Version 0.1.2 of LittleBlackBox was released last night. In addition to a new list of private SSL keys added to the database and some minor bug fixes, we’ve introduced a couple new features: Ability to update SSL key database to the latest SVN check-in. This keeps you up to date… Continue reading
I’ve always envied CSI’s amazing IP address geolocation capabilities. Not only can they get your exact physical address based solely off your IP (right down to your hotel room number!), it even works on IP addresses that don’t exist! While that level of IP address tracking is beyond the grasp… Continue reading
The D-Link WBR-1310 contains an authentication bypass vulnerability that allows remote attackers to change administrative settings without authentication. This can be used to enable remote management and change the administrative password. Note that even if remote administration is not enabled, this vulnerability can be easily exploited via CSRF. Read the… Continue reading
When examining embedded devices, it is not uncommon to find that two or more of them share common code, and even common hardware. This probably comes as no surprise, as re-using code and hardware designs helps lower production costs. What might be a little more surprising is when you find… Continue reading
No, this is not some new SSL vulnerability. In fact, it’s a really old vulnerability, as old as cryptography itself: keep your secret keys secret. A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs,… Continue reading
We’ve just released a new version of Binwalk, our open source firmware analysis tool. This release features new firmware signatures and a huge speed increase; scan times for large firmware images went from ~12 hours to less than a minute! Download Binwalk here.
The UK firmware (version 4.11) for the D-Link DIR-615 revision D router contains a privilege escalation vulnerability in its HNAP service. Using the unprivileged ‘user’ account on the device, local users can edit administrative settings, including the administrator password. Since the ‘user’ account is often ignored (default password is blank),… Continue reading
We have discovered* an authentication bypass vulnerability that affects multiple D-Link routers, specifically those that use PHP based Web interfaces. So far we have confirmed that the following devices are affected: DIR-300 DIR-320 DIR-615 revD It appears that the same PHP code was re-used among these routers, so it is… Continue reading