Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday September 25 2019, @11:40AM   Printer-friendly
from the all-your-storage-are-belong-to-us dept.

Source: https://www.securityweek.com/flaw-gives-hackers-remote-access-files-stored-d-link-dns-320-devices

Researchers at Vietnam-based CyStack Security discovered the vulnerability and reported it to D-Link in mid-August. An advisory was released by the vendor roughly one month later, but it turned out that the security hole was actually fixed by mistake in April, when D-Link released version 2.06b01 of the firmware to address a weakness exploited by the Cr1ptT0r ransomware to infect D-Link NAS devices.

The flaw is tracked as CVE-2019-16057 and CyStack assigned it a CVSS score of 10. It affects D-Link DNS-320 devices with firmware version 2.05b10 and earlier.

CyStack's Nguyen Dang told SecurityWeek that the vulnerability can be exploited directly from the internet and he says there are currently at least 800 vulnerable devices that can be attacked from the web. Nguyen pointed out that all D-Link DNS-320 devices were vulnerable to attacks before the issue was patched in April.

The vulnerability has been described as a command injection issue present in the login module for the administration interface of the DNS-320.

CyStack Report: https://blog.cystack.net/d-link-dns-320-rce/

CyStack Security discovered a remote code execution vulnerability in the D-Link DNS-320 ShareCenter device which its version is lower or equal 2.05.B10 . By exploiting the vulnerability, a remote, unauthenticated attacker can access to all application commands with root permission. This device is a popular network storage device and interestingly, in the past, it was also reported that it contains a backdoor itself.

[...] D-Link team released a patch for this issue on 11/04/2019 [(April 11, 2019. --Ed.)]. According to their release notes, the patch is for login_mgr.cgi allows attackers pipe commands to the user.log. I don't know exactly what issue they found related to the flaw I'm addressing in this article, but the patch worked. They fixed it by type casting parameter port to Integer.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Funny) by DannyB on Wednesday September 25 2019, @01:11PM

    by DannyB (5839) Subscriber Badge on Wednesday September 25 2019, @01:11PM (#898473) Journal

    CyStack's Nguyen Dang told SecurityWeek that . . .

    Shirley they must mean SecurityWeak.

    --
    The lower I set my standards the more accomplishments I have.
    Starting Score:    1  point
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3