Hacking the DSP-W215, Again, Again, Again – /dev/ttyS0

So far, the vulnerabilities found in the DSP-W215 have only been practically exploitable from the LAN, unless someone was foolish enough to make their smart plug remotely accessible on the Internet. The typical way for external attackers to target internal web servers, such as the one running on the DSP-W215,…

Hacking the DSP-W215, Again, Again – /dev/ttyS0

Here we go again…again. In the last DSP-W215 exploit, I mentioned that the exploit’s POST parameter name had to be “storage_path” in order to prevent the get_input_entries function from crashing prematurely. That’s because there is another stack overflow, this time in the replace_special_char function, which is called by get_input_entries if…

Hacking the DSP-W215, Again – /dev/ttyS0

D-Link recently released firmware v1.02 for the DSP-W215 to address the HNAP buffer overflow bug in my_cgi.cgi. Although they were quick to remove the download link for the new firmware (you must “Use mobile application to upgrade device”), I grabbed a copy of it before my trip to Munich this…

Hacking the D-Link DSP-W215 Smart Plug – /dev/ttyS0

The D-Link DSP-W215 Smart Plug is a wireless home automation device for monitoring and controlling electrical outlets. It isn’t readily available from Amazon or Best Buy yet, but the firmware is up on D-Link’s web site. TL;DR, the DSP-W215 contains an unauthenticated stack overflow that can be…