Sivan Rauscher, co-founder and CEO of the Israeli-based B2B startup SAM Seamless Network, said in a telephone interview that hackers target IoT devices because they are easy to hack: As more of our daily lives become more connected and dependent on the web, the sheer number of devices and endpoints in your home makes it likely that some of these attacks will succeed.
Fortinet describes this as a “typical security pitfall suffered by many firmware manufacturers.” the Non-Volatile Random Access Memory (NVRAM), which is a type of RAM that retains data after a device’s power is turned off.
The function then compares the value of the current_user with the value of the variable acStack160.
“The current_user value in NVRAM will be set only after a successful user login, so by default its value is not initialized,” Fortinet researcher Thanh Nguyen Nguyen explained in a recent write-up. “The value of acStack160 is the result of base64encode(user_username), and by default the user_username is set to ‘user,’ so there is no way the iVar2 can return a value of 0, so it won’t return to the error.asp page.”
Ultimately, an attacker can perform any action in the SSC_SEC_OBJS array under the “/apply_sec.cgi” path, according to Nguyen.
For successful exploitation, “we implement the POST HTTP Request to ‘apply_sec.cgi’ with the action ping_test,” he said. “We then perform the command injection in ping_ipaddr. Even if it returns the login page, the action ping_test is still performed – the value of ping_ipaddr will execute the ‘echo 1234’ command in the router server and then send the result back to our server.”
At this point, attackers could retrieve the admin password, or install their own backdoor onto the server – which would allow them to install malware, snoop on traffic flowing through the router and potentially move through the home network to reach and infect other devices.
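The comparison Nguyen describes and the unvalidated ping_ipaddr parameter can be modelled in a few lines of C. This is an added example, not D-Link firmware code or Fortinet's analysis code; the function names, the base64 constant and the fail-closed variant are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <string.h>

/* Constructed value: base64("user"), the default restricted account. */
#define RESTRICTED_USER_B64 "dXNlcg=="

/* Check as the write-up describes it: the request is sent to the error
 * page only when current_user equals base64(user_username). An unset
 * current_user (nobody has logged in) never matches, so it passes. */
bool flawed_is_allowed(const char *current_user)
{
    return strcmp(current_user, RESTRICTED_USER_B64) != 0;
}

/* Fail-closed variant (assumption): an unset value means "not logged in"
 * and is rejected before the restricted-account comparison. A real fix
 * would also tie the value to an authenticated session. */
bool hardened_is_allowed(const char *current_user)
{
    if (current_user == NULL || current_user[0] == '\0')
        return false;
    return strcmp(current_user, RESTRICTED_USER_B64) != 0;
}

/* Accept ping_ipaddr only if the whole string parses as a literal IPv4
 * or IPv6 address. inet_pton() rejects trailing text, so shell
 * metacharacters never reach the command that runs ping. */
bool ping_ipaddr_is_valid(const char *value)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (value == NULL || strlen(value) >= INET6_ADDRSTRLEN)
        return false;
    return inet_pton(AF_INET, value, buf) == 1 ||
           inet_pton(AF_INET6, value, buf) == 1;
}
```

Even with validation in place, the ping binary should be launched with an argument vector (for example via execv) rather than through a shell, so that the address is never interpreted as command text.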
With no patch available, affected users should upgrade their devices as soon as possible.
D-Link is no stranger to vulnerabilities; in September, researchers discovered vulnerabilities in D-Link routers that can leak passwords for the devices, and which have the potential to affect every user on networks that use them for access. And in May, a researcher found attackers using the Google Cloud Platform to carry out three separate waves of DNS hijacking attacks against vulnerable D-Link and other consumer routers.