D-Link DSL-3788 Unauthenticated Remote Code Execution (RCE) vulnerability.

Summary:
A critical unauthenticated Remote Code Execution vulnerability has been discovered in DSL-3788 routers, allowing attackers to remotely gain full control of the targeted device. The flaw impacts firmware versions v1.01R1B036_EU_EN and earlier and was reported by Max Bellia of SECURE NETWORK BVTECH. According to Bellia, the issue resides in the webproc CGI component of the router’s firmware. Bellia notes that “it is possible to create a request with a specially crafted sessionid that, when received by the webproc CGI, will lead to the execution of arbitrary code. This happens because the function "COMM_MakeCustomMsg" of the libssap library used by the webproc CGI does not check the length of the input, leading to a buffer overflow.”

Security Officer Comments:
Exploiting this vulnerability could allow attackers to gain administrative control over vulnerable router models, thereby compromising the devices. With control of the router, attackers could intercept and manipulate network traffic, potentially compromising connected devices. Additionally, the compromised router could serve as a launching point for further malware attacks and be incorporated into a botnet, enabling large-scale DDoS attacks against targets of interest.

Suggested Corrections:
The flaw has been addressed in version v1.01R1B037. D-Link is urging all users to install the latest version as soon as possible. After updating, users should verify the update’s success by comparing the device’s software version with the latest release.
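
One way to run the version comparison described above across several devices, as an added example that is not D-Link's or the advisory's own code. It assumes the version layout `v<major>.<minor>R<release>B<build>` with an optional region suffix, inferred from the two version strings on this page; the inventory is constructed sample data.

```python
import re

# Version strings taken from the advisory text above.
LAST_VULNERABLE = "v1.01R1B036_EU_EN"
FIRST_FIXED = "v1.01R1B037"

# Assumed layout: v<major>.<minor>R<release>B<build>[_<region suffix>]
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)R(\d+)B(\d+)(?:_[A-Za-z0-9_]+)?$", re.IGNORECASE
)


def parse_version(text):
    """Turn a firmware version string into a comparable tuple of integers."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(group) for group in match.groups())


def classify(reported):
    """Return 'fixed', 'vulnerable' or 'unknown' for a reported version string."""
    try:
        version = parse_version(reported)
    except ValueError:
        # Do not guess: an unparseable string needs a manual check.
        return "unknown"
    return "fixed" if version >= parse_version(FIRST_FIXED) else "vulnerable"


def audit(inventory):
    """Map each device name to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical device names).
SAMPLE_INVENTORY = {
    "router-a": "v1.01R1B036_EU_EN",
    "router-b": "v1.01R1B037",
    "router-c": "v1.01R1B029_EU_EN",
    "router-d": "1.01 (unknown build)",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` should be checked by hand rather than assumed patched.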

Link(s):
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10418