Unsupported D-Link routers vulnerable to RCE flaws

News by Doug Olenick

Common Gateway Interface (CGI) vulnerabilities in D-Link routers could result in remote code execution

Multiple D-Link routers have vulnerabilities in their Common Gateway Interface (CGI) that, if exploited, could result in remote code execution.

The Carnegie Mellon University Software Engineering Institute’s CERT/CC reported that the routers' CGI code has two flaws: /apply_sec.cgi is exposed to unauthenticated users, and the ping_ipaddr argument of the ping_test action fails to properly handle newline characters.

The result is that any arguments after a newline character sent as ping_ipaddr in a POST to /apply_sec.cgi are executed on the device with root privileges.

"By performing an HTTP POST request to a vulnerable router’s /apply_sec.cgi page, a remote, unauthenticated attacker may be able to execute commands with root privileges on an affected device. This action can happen as the result of viewing a specially-crafted web page," the report said.
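As an added illustration (not code from CERT/CC, D-Link or the original article), the following Python example flags POST requests to /apply_sec.cgi whose ping_ipaddr value decodes to something other than a plain host or address, as a check over captured or proxied traffic. The request tuples are constructed samples, and the allowed character set for ping_ipaddr is an assumption.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/apply_sec.cgi"  # page named in the CERT/CC report
# Assumption: a legitimate ping target is an IPv4/IPv6 literal or a hostname.
SAFE_HOST = re.compile(r"[A-Za-z0-9.:-]+")


def check_ping_ipaddr(value):
    """Return a finding string for a decoded ping_ipaddr value, or None."""
    if "\n" in value or "\r" in value:
        return "newline in ping_ipaddr"
    # fullmatch, not match with '$': in Python '$' also matches just before a
    # trailing newline, which is exactly the character this flaw depends on.
    if not SAFE_HOST.fullmatch(value):
        return "unexpected characters in ping_ipaddr"
    return None


def inspect_request(method, path, body):
    """Return the list of findings for one HTTP request (empty = not flagged)."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return []
    # parse_qs percent-decodes once, so %0a and %0d become real control characters.
    params = parse_qs(body, keep_blank_values=True)
    findings = []
    for value in params.get("ping_ipaddr", []):
        finding = check_ping_ipaddr(value)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample requests (method, path, form body); not captured traffic.
SAMPLES = [
    ("POST", "/apply_sec.cgi", "ping_ipaddr=192.0.2.10"),
    ("POST", "/apply_sec.cgi", "ping_ipaddr=192.0.2.10%0aPLACEHOLDER"),
    ("POST", "/apply_sec.cgi", "ping_ipaddr=192.0.2.10%250a"),
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, repr(body), "->", inspect_request(method, path, body))
```

The third sample is double-encoded: after one round of decoding it still contains a literal `%`, so it is reported as unexpected characters rather than as a newline.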

The products affected are the DIR-655, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 and DIR-825.

There is currently no patch, update or workaround available for these problems. Additionally, D-Link no longer supports the affected routers.

The original version of this article was published on SC Media US.
