Overview
The DSL-2640B Wired/Wireless ADSL 2/2+ Gateway is susceptible to several CSRF attacks, which allow an attacker to forge HTML forms and execute actions in an authorized (logged in) browser session. These vulnerabilities allows an attacker, who has gained authorized access to the Web-GUI configration, the ability to change configuration or cause the product to be unreliable.
D-Link Security Incident Reponse Policy
All public communication on this issue will be offered at http://securityadvisories.dlink.com/security/
Our security response team can be contacted for incident information or to report incidents at security@dlink.com
Any non-critical security issue, help in updating firmware, or configuration regarding this issue please contact your D-Link Customer care channel.
Reference
CVE-2013-5730 - Ivano Binetti - Original Discosure - Link (TXT) Link (HTML)
Author Offers Additional Links:
General Disclosure
Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed. We will continue to update this page to include the relevant product firmware updates addressing these concerns. In the meantime, you can exercise the below cautions to avoid unwanted intrusion into your D-Link product.
Immediate Recommendations for all D-Link router customers
- Do not enable the Remote Management feature since this will allow malicious users to use this exploit from the internet. Remote Management is default disabled on all D-Link Routers and is included for customer care troubleshooting if useful and the customer enables it.
- If you receive unsolicited e-mails that relates to security vulnerabilities and prompt you to action, please ignore it. When you click on links in such e-mails, it could allow unauthorised persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.
- Make sure that your wireless network is secure.
- Do not provide your admin password to anyone. If required we suggest updating the password frequently.
Description
Please reference the original disclosure from author at: http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-Multiple-CSRF-Vulnerabilities1.txt
A CSRF (Cross-Site Request Forgery) attack into tricks and end-user loading a webpage, with the attack, that inherits the users credentials for a target device. Malicious code then performs undesired actions on the victim's behalf, like change the credentials or configuration of the device. CSRF attacks generally target configuration changes to benefit the attacker. Webpages that can perform this type of attack are typically constructed so the user is attracted to interact with it such as a customer support forum, firmware download page, a generic sales information page, or look exactly like the login page to your gateway.
We do not intend or want to interprete or copy the authors original words so further details of the attack are describe in authors disclosure;
CSRFs described are :
- Disable/Enable Wireless MAc Address Filter
- Disable/Enable all the Firewall protections (Both "SPI" and "DOS and Portscan Protection")
- Enable/Disable Remote Management
The other does note that most settings are exposed and these are just the examples he provided.
Affected Products
|
Model Name
|
HW Version
|
Current FW Version
|
New FW Version for this exploit fix
|
|
DIR-2640B
|
All Versions
|
v. EU_1.00 and below
|
Pending as of 03/07/2014 |
Security patch for your D-Link router
These firmware updates address the security vulnerabilities in affected D-Link routers. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.
To update the firmware please log-in to the Web-GUI interface of your device, from the menu select Maintanence -> System -> Upgrade Firmware. If you require help please contact your regional D-Link customer care website for options.