DIR-615 revD UK Firmware HNAP Vulnerability – /dev/ttyS0

The UK firmware (version 4.11) for the D-Link DIR-615 revision D router contains a privilege escalation vulnerability in its HNAP service. Using the unprivileged ‘user’ account on the device, local users can edit administrative settings, including the administrator password. Since the ‘user’ account is often ignored (default password is blank),…

Multiple D-Link Router Vulnerabilities

We have discovered* an authentication bypass vulnerability that affects multiple D-Link routers, specifically those that use PHP-based Web interfaces. So far we have confirmed that the following devices are affected: DIR-300, DIR-320, DIR-615 revD. It appears that the same PHP code was re-used among these routers, so it is…