The Taiwan-based manufacturer of network equipment D-link has developed firmware updates that patch critical vulnerabilities. The main flaw has been identified by Daniel Romero and is a stack buffer overflow issue that appears when validating session cookies. The affected service can be exposed on network port 8181. A malicious user that exploits this vulnerability can launch a local or remote arbitrary code execution.
Further Details
The security vulnerability is being tracked under the CVE-2016-5681 Advisory, and it impacts the following routers made by D-Link:
- DIR-850L B1
- DIR-822 A1
- DIR-823 A1
- DIR-895L A1
- DIR-890L A1
- DIR-885L A1
- DIR-880L A1
- DIR-868L B1
- DIR-868L C1
- DIR-817L(W)
- DIR-818L(W)
The CERT Coordination Center has rated the exploit with a rating of CVSS 9.3 which is used to indicate a critical flaw. D-Link came out with a public advisory on their website with links to updated firmware for all affected routers, except DIR-817 Rev. Ax and DIR-818L Rev. B. For these two models the updates will be made available at the end of August.
The buffer overflow can potentially lead to crashes as well as to allow arbitrary code execution. Malicious users can use these flaws to subvert security systems and measures as well as to crash network connectivity or place malware redirects.
Security experts advise the users only to allow connections from trusted hosts and networks. All affected router owners should upgrade their firmware to the latest version as soon as possible to prevent attacks caused by the vulnerability.