New vulnerabilities in D-Link routers have been discovered and are being exploited in the wild, causing concerns among cybersecurity experts. Specifically, three vulnerabilities were found in the D-Link DIR-600 router series, with one vulnerability identified as CVE-2023-33625. This vulnerability relates to D-Link DIR-600 Hardware Version B5, Firmware Version 2.18.
The vulnerability is a command injection via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 routers are commonly used in home and small office networks. The flaw stems from the absence of proper filtering of user-supplied data before it is passed to system().
As a result, attackers can send malicious data and execute arbitrary commands without logging in, which is why the issue is classed as a pre-authentication command injection. Such an attack can compromise the security and integrity of the affected devices.
To understand the gravity of these vulnerabilities, let's look at the technical details. The flaw resides in the ssdp.cgi binary, where the vulnerability occurs while parsing an HTTP request header field. Attackers can manipulate that header value to execute unauthorized commands on the device.
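As an added illustration of the defensive pattern (not D-Link's code, which is not reproduced here), the C below validates an SSDP ST header value against the UPnP search-target forms and then runs a helper with that value as a separate argv element rather than through system(). The function names and the helper path are assumptions for the example.

```c
/* Added example, not D-Link's code: an SSDP ST header value is validated
 * against the UPnP search-target grammar and then handed to a helper
 * program as a separate argv element, never through system()/sh -c. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

#define ST_MAX 128

/* Accept only the search-target forms UPnP defines (ssdp:all, upnp:rootdevice,
 * uuid:..., urn:...) and only the characters those forms use. Anything a shell
 * could interpret (; | & ` $ quotes, whitespace, newlines) is rejected. */
int st_is_valid(const char *st)
{
    size_t n;
    if (st == NULL) return 0;
    n = strlen(st);
    if (n == 0 || n >= ST_MAX) return 0;
    if (strcmp(st, "ssdp:all") != 0 && strcmp(st, "upnp:rootdevice") != 0 &&
        strncmp(st, "uuid:", 5) != 0 && strncmp(st, "urn:", 4) != 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)st[i];
        if (!(isalnum(c) || c == ':' || c == '-' || c == '_' || c == '.'))
            return 0;
    }
    return 1;
}

/* Hypothetical replacement for a `system("helper <st>")` call: validate,
 * then fork/exec the helper with st as its own argument. No shell is involved,
 * so metacharacters in st can never become commands. Returns the helper's
 * exit status, or -1 if st was rejected or the process could not be spawned. */
int run_ssdp_helper(const char *helper_path, const char *st)
{
    if (!st_is_valid(st)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper_path, (char *)st, NULL };
        execv(helper_path, argv);
        _exit(127);            /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The allow-list check is the primary control; executing without a shell is the second layer, so a value that slips past the validator still cannot be interpreted as a command.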
Given the severity of these vulnerabilities, it is crucial for D-Link DIR-600 users to take immediate action to safeguard their networks. Users are advised to update their firmware promptly to the latest version as recommended by D-Link. The affected hardware version is B5, and firmware version 2.18 is vulnerable to exploitation. D-Link, a reputable networking equipment manufacturer, has acknowledged the vulnerabilities and is actively addressing the issue.
Users are encouraged to visit D-Link's official website (https://www.dlink.com/) for more information on the affected product. The firmware download page (https://www.dlinktw.com.tw/techsupport/ProductInfo.aspx?m=DIR-600) provides the latest firmware version.
In addition to the vulnerabilities found in D-Link routers, the company has also recently resolved two critical vulnerabilities in its D-View 8 network management suite. These vulnerabilities posed significant risks, including the potential for authentication bypass and the execution of arbitrary code.
D-Link’s D-View 8 network management suite is a valuable tool for customers, enabling them to efficiently monitor network performance, configure devices, and manage their networks. The vulnerabilities were reported to D-Link by the Trend Micro Zero Day Initiative (ZDI).
The first vulnerability, identified as CVE-2023-32165, involved a flaw known as D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution. Exploiting this flaw did not require authentication, granting remote attackers the ability to execute arbitrary code. The vulnerability stemmed from inadequate validation of user-supplied paths before employing them in file operations.
The second flaw, CVE-2023-32169, entailed an authentication bypass issue resulting from the TokenUtils class’s use of a hard-coded cryptographic key. Exploiting this vulnerability permitted attackers to bypass authentication on the targeted system. Similar to the first flaw, authentication was unnecessary for exploiting this vulnerability.
D-Link promptly addressed these critical vulnerabilities, prioritizing the security of its customers’ network management infrastructure. By rectifying these flaws, D-Link has reinforced the integrity and reliability of its D-View 8 network management suite.
In conclusion, the discovery and exploitation of vulnerabilities in D-Link routers highlight the importance of keeping network devices up to date with the latest firmware. Prompt updates and regular monitoring of security advisories are crucial to safeguarding networks from potential attacks. Users should follow the recommendations provided by D-Link and regularly check for updates to ensure the security and integrity of their network infrastructure.