[Updated] If you use this D-Link router with unifi, you may be at a huge security risk

TM Unifi D-Link DIR-850L

If you’re a TM unifi or TIME fibre broadband subscriber, chances are you have a D-Link DIR-850L router bundled and installed at home or office. Please be forewarned, you may be at a serious security risk, due to yet-to-be-patched vulnerabilities in the router.

UPDATED (12:31AM, 20.09.2017)
UPDATED (6:47PM, 19.09.2017)

Just last week, security researcher Pierre Kim publicly disclosed findings related to D-Link DIR-850L routers. He went public after running into difficulties working with D-Link, which he described as having a “lack of consideration about security.”

As reported by ZDNet, bugs were apparently found in June this year, with the advisory written in July.

Kim found flaws in the router, which lets users access their home networks remotely through Mydlink Cloud Services.

The researcher advised users to immediately disconnect vulnerable routers from the internet.

The aforementioned D-Link router comes in two different versions: revA and revB. I can confirm that the TM unifi router I use at home is a revB.

Here are 10 flaws Kim discovered on the router:

The Cyber Security Agency of Singapore and the Infocomm Media Development Authority have issued a joint advisory regarding D-Link DIR-800 series routers, which include the DIR-850L.

Other affected products include the DIR-885L, DIR-890L and DIR-895L.

The advisory remarked that the routers can be compromised to install malicious firmware, and compromise users’ information.

ITwire also reported that hardware security outfit Embedi has found three other flaws in DIR-800 series routers.

Two vulnerabilities are related to the main CGI file that generates web interface pages to manage the router. The other flaw involves system recovery.

The flaws may allow an unauthorised person to obtain the login and password of the router, by making a single HTTP request.

The second flaw can provide a root shell through an HTTP request.

Also, it can give an attacker root status when updating firmware in recovery mode.

D-Link has issued an advisory on its website and is working on a patch. The company has gone on record to say a firmware update will be released on 19 September 2017.

Here’s how to stay safe:

  1. Reset the router to its default factory setting.
  2. Disable the WAN remote admin feature.
  3. Do not access the router through unauthorised Wi-Fi.
  4. Change the wireless SSID password and PIN code to prevent unauthorised users from accessing the LAN.
  5. Change the device’s administrator password. Be sure to use a strong new password.
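
To confirm that step 2 took effect, you can check your own router's WAN address from outside your network. The script below is an added example, not from D-Link, TM, TIME or the advisories; the port list and the file name `wan_check.py` are assumptions, since this article does not name the remote-admin port.

```python
import socket
import sys

# Assumption: the page names no port. These are common places for a home
# router's admin page; add whatever port your remote-admin setting shows.
CANDIDATE_PORTS = (80, 443, 8080, 8443)


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'closed', 'filtered', 'open' or 'http'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                # A minimal request; an admin page answers even if it wants a login.
                s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
                banner = s.recv(64)
            except OSError:
                return "open"          # connected, but no reply to read
            return "http" if banner.startswith(b"HTTP/") else "open"
    except ConnectionRefusedError:
        return "closed"                # the router actively refused the connection
    except OSError:
        return "filtered"              # timeout or unreachable, typically a firewall drop


def audit_wan(host, ports=CANDIDATE_PORTS, timeout=3.0):
    """Return (state per port, sorted list of ports that still accept connections)."""
    results = {port: probe(host, port, timeout) for port in ports}
    exposed = sorted(p for p, state in results.items() if state in ("open", "http"))
    return results, exposed


if __name__ == "__main__":
    # Run from outside your LAN (for example a phone hotspot) against your own WAN IP.
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <your-router-WAN-IP>")
    results, exposed = audit_wan(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state}")
    if exposed:
        print("Still reachable from the internet:", exposed)
        sys.exit(1)
    print("No admin port answered from outside.")
```

A port reported as `http` means a web interface is still answering on the WAN side; recheck the remote admin setting and any port-forwarding rules.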

How to update firmware:

So far, local authorities like the MCMC, and telcos TM and TIME, have not issued any statement or advisory.

UPDATED (6:47PM, 19.09.2017)

Updated with a statement from TIME.

We’re aware that the D-Link DIR850-L WiFi router provided to some of our users was recently found to be exposed to a security risk.

The security and privacy of our users are of great importance to us. We are working with D-Link and will be taking further actions in the coming days to increase the security of our users.

In the meantime, you can take the interim countermeasure to secure your router here.

For help, please get in touch with us at 1800-18-1818 or [email protected].

UPDATED (12:31AM, 20.09.2017)

TM said that it has investigated the vulnerabilities related to the D-Link DIR-850L router and found that one of the flawed security systems is turned off by default. That flaw is in the remote management system, which could allow hackers to gain control of the router. TM advises customers to use strong Wi-Fi passwords to minimise risk.

Are you currently using the D-Link DIR-850L router or any of the mentioned routers? Take preventative action now.

Source: Lowyat.net

Vernon