no one is safe ...

Home Network Devices

Multiple Vulnerabilities in D'Link DIR-635

Device Name: DIR-635
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

Firmwareversion: 2.34EU
Hardware-Version: B1
Produktseite: DIR-635

============ Vulnerability Overview: ============

  • Stored XSS -> Status - WLAN -> SSID

Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A

Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A
Vendor: D-Link

============ Device Description: ============

DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele...
DIR-615: http://www.dlink.com/de/de/support/product/dir-615-wireless-n-300-router...

============ Vulnerable Firmware Releases - DIR-615: ============

Tested Firmware Version : 4.13

============ Vulnerable Firmware Releases - DIR-300: ============

Multiple Vulnerabilities in D-Link devices

Device Name: DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

DIR-815 v1.03b02 (unauthenticated command injection)
DIR-645 v1.02 (unauthenticated command injection)
DIR-645 v1.03 (authenticated command injection)
DIR-600 below v2.16b01 (with v2.16b01 D-Link also fixes different vulnerabilities reported in M1ADV2013-003)
DIR-300 revB v2.13b01 (unauthenticated command injection)
DIR-300 revB v2.14b01 (authenticated command injection)
DIR-412 Ver 1.14WWB02 (unauthenticated command injection)
DIR-456U Ver 1.00ONG (unauthenticated command injection)
DIR-110 Ver 1.01 (unauthenticated command injection)

Possible other versions and devices are also affected by this vulnerability.

Getting a full Shell on D-Link DSL-320B

This time not a big thing ... more a nice detail on getting a shell on the DSL-320B device.

If you are doing a portscan on your local network with Nmap you will see the following output:

PORT   STATE SERVICE    VERSION
21/tcp open  ftp        D-Link or USRobotics ADSL router firmware update ftpd
22/tcp open  tcpwrapped
23/tcp open  telnet     D-Link DSL-2542B ADSL router telnetd
80/tcp open  http?

You could login with the credentials from the webinterface and you get a stripped access:


root@bt:~# telnet 192.168.178.111
Trying 192.168.178.111...

Multiple Vulnerabilities in Netgear DGN2200B

Device Name: DGN2200B
Vendor: Netgear

============ Vulnerable Firmware Releases: ============

Hardwareversion DGN2200B
Firmwareversion V1.0.0.36_7.0.36 - 04/01/2011
GUI Sprachversion: V1.0.0.25

============ Device Description: ============

Infos: http://www.netgear.com/home/products/wirelessrouters/work-and-play/dgn22...
http://www.netgear.de/products/home/wireless_routers/work-and-play/DGN22...

Firmware download: http://kb.netgear.com/app/answers/detail/a_id/18990/~/dgn2200%2Fdgn2200b...