Vulnerabilities in D-Link router raise concerns over remote worker IT security

News by Rene Millman

Hackers could use D-Link router flaws to exfiltrate data and upload malware

Security researchers have warned remote workers that their home router contains flaws that allow hackers to run arbitrary commands, exfiltrate data, upload malware, delete data or steal user credentials. 

In a blog post by Palo Alto Networks, researchers found that D-Link wireless cloud routers running their latest firmware had six vulnerabilities. The flaws were found in the DIR-865L model of D-Link routers, which is meant for home network use.

They added that the current trend towards working from home increases the likelihood of malicious attacks against home networks, which makes it even more imperative to keep networking devices updated.

The first flaw, CVE-2020-13782, could allow a hacker to inject arbitrary code to be executed on the router with administrative privileges. This particular attack would lead to a denial of service.

A second bug, CVE-2020-13786, allows an attacker to sniff web traffic and use the session information to gain access to password-protected portions of the website without knowing the password.

A third flaw, CVE-2020-13784, could enable hackers to access a session cookie by knowing the approximate time that a user logged on, even if it is protected with encryption.

Researchers said that due to the number of people working from home, malicious actors have an incentive to attack routers meant for home networks.

“These vulnerabilities can be used together to run arbitrary commands, exfiltrate data, upload malware, delete data or steal user credentials. These attacks are easiest to conduct if the router is set up to use HTTP, but a sophisticated attacker can still calculate the required session information if the router uses HTTPS,” they added.

Martin Jartelius, CSO at Outpost24, told SC Media UK that these kinds of SOHO-router vulnerabilities have plagued the industry for many years.

“We helped a range of telco providers review the equipment they shipped to consumers as part of their internet subscriptions in an attempt to help resolve this issue before the time when most vendors started implementing improvements. It still remains a problem today, and over the years we have seen several cases such as GhostDNS automated router farming attacks,” he said.

“For home users, given that this is an eight-year-old product and even though we do not encourage a wasteful lifestyle, it may be time to consider a more modern router, and once you get it, see the advice for remote working from SANS for guidelines on WIFI and Router security for home users.”

Paul Bischoff, privacy advocate at Comparitech.com, told SC Media UK that “Wi-fi router vulnerabilities like these are troublesome because many users will not replace or patch them.

“Home wi-fi routers are typically retail purchases and users usually don't need to register any sort of account to use them, so manufacturers have no way to directly contact users and inform them of issues. Most consumers probably don't even know their router model or how to run firmware updates. Many older routers don't have an automatic update feature, and at least one reviewer noted that the DIR-865L automatic update function didn't work. Routers often sit untouched after initial setup and can go years without any sort of attention from users so long as they connect to the internet,” he said.
