Reports and Resources
Improper access control in D-link Firmware DIR-601
Loginsoft-2020-1009
31 March, 2020
CVE Number
CWE
CWE-284: Improper Access Control
Product Details
D-Link introduces the Wireless N 150 Home Router (DIR-601), which delivers high performance end-to-end wireless connectivity based on Wireless N technology. The DIR-601 provides better wireless coverage and improved speeds over previous-generation Wireless G*. Upgrading your home network to Wireless N 150 provides an excellent solution for experiencing better wireless performance while sharing a broadband Internet connection with multiple computers over a secure wireless network.
URL:http://www.dlink.cc/d-link-reviews/d-link-dir-601-wireless-router-overview-and-user-reviews.html
Vulnerable Firmware Versions
2.02NA
Hardware
B1
Vulnerability Details
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor
Analysis
Steps to reproduce:Method 1
- Log in as a user & visit http://192.168.0.1/tools_admin.htm .
- Right-click on the admin “password” input field and click on the inspect element.
- Modify the input field, by removing the “disable” attribute, repeating the same for the “verify password” input field & “save settings” button.
- Now enter new values to the available input field and click on submit. Now the password will be updated with supplied values.
Method 2
- Login as admin & visit http://192.168.0.1/tools_admin.htm .
- Intercept & record the request to change the admin password.
- Now login as a user & replay the recorded request, the admin’s password will be updated.
Exploitation
As part of the exploitation, the attacker (user account) can change the admin’s “password”, and similarly other settings, configurations available.
Mitigation
- Proper access control check needs to be employed, before processing the request.
Vendor Disclosure:
Credit
Discovered by ACE Team - Loginsoft