
List:       full-disclosure
Subject:    [FD] D-Link, Netgear Router Vulnerabilities
From:       Dominic Chen <ddchen () andrew ! cmu ! edu>
Date:       2016-02-24 16:18:59
Message-ID: 8EBAA926-787A-4CDB-B638-5C8364402AB4 () andrew ! cmu ! edu



Hello,

We'd like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne.

Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include:

Netgear WN604
Netgear WN802Tv2
Netgear WNAP210
Netgear WNAP320
Netgear WNDAP350
Netgear WNDAP360

Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:

D-Link DAP-2310
D-Link DAP-2330
D-Link DAP-2360
D-Link DAP-2553
D-Link DAP-2660
D-Link DAP-2690
D-Link DAP-2695

Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:

Netgear WN604
Netgear WNAP210
Netgear WNAP320
Netgear WND930
Netgear WNDAP350
Netgear WNDAP360

Several devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OIDs iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:

D-Link DAP-1353
D-Link DAP-2553
D-Link DAP-3520
Netgear WNAP320
Netgear WNDAP350
Netgear WNDAP360

We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.

Thanks,

Dominic
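The strlen()/memcpy() pattern described above for the 'dlink_uid' cookie (CVE-2016-1558), shown beside a bounded version, as an added example in C. This is not D-Link's code: the cookie-header parser, the 32-byte buffer size, the return codes and the sample headers are all constructed assumptions chosen to illustrate the bug class and its fix.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define UID_BUF_LEN 32   /* hypothetical fixed-size buffer; the advisory gives no size */

/* Locate the value of a named cookie inside a Cookie header such as
 * "a=1; dlink_uid=abc; b=2". On success *val points at the value bytes
 * (not NUL-terminated) and *len is their count; returns false if absent. */
static bool find_cookie(const char *hdr, const char *name, const char **val, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = hdr;
    while (*p) {
        while (*p == ' ' || *p == ';') p++;               /* skip separators */
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *val = p + nlen + 1;
            const char *end = strchr(*val, ';');
            *len = end ? (size_t)(end - *val) : strlen(*val);
            return true;
        }
        const char *next = strchr(p, ';');
        if (!next) break;
        p = next + 1;
    }
    return false;
}

/* The pattern the advisory describes: the attacker-controlled length from strlen()
 * drives memcpy() into a fixed-size buffer with no bound check. Kept for contrast;
 * never invoked here, because a value longer than 31 bytes overflows `out`. */
void parse_uid_unsafe(const char *hdr, char out[UID_BUF_LEN])
{
    const char *val; size_t len;
    if (!find_cookie(hdr, "dlink_uid", &val, &len)) { out[0] = '\0'; return; }
    memcpy(out, val, len);            /* len unchecked: classic overflow */
    out[len] = '\0';
}

/* Hardened form: the destination size bounds the copy, and an oversized value is
 * refused outright rather than truncated, so nothing is written on the error path.
 * Returns the value length, -1 if the cookie is absent, -2 if it is too long. */
int parse_uid_safe(const char *hdr, char out[UID_BUF_LEN])
{
    const char *val; size_t len;
    out[0] = '\0';
    if (!find_cookie(hdr, "dlink_uid", &val, &len)) return -1;
    if (len >= UID_BUF_LEN) return -2;                   /* leave room for the NUL */
    memcpy(out, val, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample headers (not captured traffic). SAMPLE_LONG carries 40 'A's,
 * more than the 31 usable bytes of UID_BUF_LEN. */
static const char SAMPLE_OK[]   = "lang=en; dlink_uid=abc123; theme=dark";
static const char SAMPLE_NONE[] = "lang=en; theme=dark";
static const char SAMPLE_LONG[] = "dlink_uid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Demo wrapper: parses into a static buffer and returns the status code. */
static char g_uid[UID_BUF_LEN];
int parse_sample(const char *hdr) { return parse_uid_safe(hdr, g_uid); }

int main(void)
{
    const char *samples[] = { SAMPLE_OK, SAMPLE_NONE, SAMPLE_LONG };
    for (size_t i = 0; i < 3; i++) {
        int rc = parse_sample(samples[i]);
        printf("rc=%d uid=\"%s\" <- %s\n", rc, g_uid, samples[i]);
    }
    return 0;
}
```

The rejection-before-copy shape is the point: once the length check precedes memcpy(), the fixed buffer size is enforced by code the request cannot influence, and the `-2` path is also the natural place to log an oversized cookie as a suspicious request.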


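The command-injection class behind CVE-2016-1555 (form input passed straight to the command line), as an added defensive example in C that is not Netgear's code and does not reproduce the boardData*.php pages: an allowlist check on the parameter, then an exec with no shell in between. The ping use case, the accepted character set, the length limit and the sample inputs are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_HOST_LEN 63   /* assumed limit for a single hostname label set */

/* Allowlist: hostnames and IPv4 literals only need [A-Za-z0-9.-]. Anything else is
 * rejected rather than escaped; rejection is the safe default for a value that will
 * become a process argument. */
bool is_safe_host(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > MAX_HOST_LEN) return false;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '.' || c == '-';
        if (!ok) return false;
    }
    return true;
}

/* The pattern the advisory describes, for contrast only (never called here): the form
 * value is spliced into a command string and handed to /bin/sh via system(), so shell
 * metacharacters in the value are interpreted as shell syntax. */
int ping_unsafe(const char *host)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return system(cmd);
}

/* Hardened: validate first, then fork/exec with the host as one discrete argv element.
 * No shell parses the string, so even a value that slipped past validation could not
 * become a second command. Returns ping's exit status, or -1 if the input is refused
 * or the process could not be run. */
int ping_safe(const char *host)
{
    if (!is_safe_host(host)) return -1;          /* refused before any process is spawned */
    char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed sample form values (not captured requests). */
static const char *const SAMPLES[] = { "router.lan", "192.0.2.1", "192.0.2.1;id", "a b", "" };

int main(void)
{
    /* Only the validator is exercised here, so nothing is spawned. */
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-14s -> %s\n", SAMPLES[i], is_safe_host(SAMPLES[i]) ? "accept" : "reject");
    return 0;
}
```

Two layers are doing independent work: the allowlist stops hostile values at the boundary, and the exec-without-shell removes the interpreter that gives metacharacters their meaning. Either alone is an improvement; together the second command path ceases to exist even if the validator is later loosened. Authentication on the page itself is a separate fix the advisory also implies.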

