Researcher warns about critical flaw in D-Link routers
2013-02-07 09:34 by Daniela
Tags: D-Link, DIR-300, DIR-600
Security expert Michael Messner has identified several security flaws in D-Link's DIR-300 and DIR-600 routers that could allow remote attackers to inject and execute arbitrary shell commands via a simple POST request, either without being authenticated to the device or by tricking the routers' owners into sending the request themselves.
According to Messner, even if a router is not directly accessible via the internet, the hole poses a significant security risk: an attacker could use a specially crafted page to trick router owners into sending the script call to their routers through their local network (Cross-Site Request Forgery, CSRF).
Among other things, the router saves the root password in plain text in the var/passwd file. Together with the previously described hole, this turns the task of extracting the root password into child's play – not that it is necessary, as potential attackers can already execute commands at root level anyway.
Messner notified D-Link about the existence of the flaw back in December 2012. The company responded a little less than two weeks ago, claiming that the problem is browser-related and that they are not planning on providing a fix.