WBR-1310 Authentication Bypass Vulnerability – /dev/ttyS0

The D-Link WBR-1310 contains an authentication bypass vulnerability that allows remote attackers to change administrative settings without authentication. This can be used to enable remote management and change the administrative password. Note that even if remote administration is not enabled, this vulnerability can be easily exploited via CSRF. Read the… Continue reading

Breaking SSL on Embedded Devices – /dev/ttyS0

No, this is not some new SSL vulnerability. In fact, it’s a really old vulnerability, as old as cryptography itself: keep your secret keys secret. A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs,… Continue reading

DIR-615 revD UK Firmware HNAP Vulnerability – /dev/ttyS0

The UK firmware (version 4.11) for the D-Link DIR-615 revision D router contains a privilege escalation vulnerability in its HNAP service. Using the unprivileged ‘user’ account on the device, local users can edit administrative settings, including the administrator password. Since the ‘user’ account is often ignored (default password is blank),… Continue reading

Multiple D-Link Router Vulnerabilities – /dev/ttyS0

We have discovered* an authentication bypass vulnerability that affects multiple D-Link routers, specifically those that use PHP based Web interfaces. So far we have confirmed that the following devices are affected: DIR-300 DIR-320 DIR-615 revD It appears that the same PHP code was re-used among these routers, so it is… Continue reading