D-Link has acknowledged a vulnerability in three of its routers that could let hackers reconfigure admin settings.
The networking company said on Monday that the problem, discovered by security researchers SourceSec, affects three of its wireless routers: DIR-855 (hardware version A2), DIR-655 (versions A1 to A4) and DIR-635 (version B). The devices are marketed to consumers and businesses.
The flaw lies in D-Link's implementation of Cisco's Home Network Administration Protocol (HNAP), which allows remote router configuration. In a blog post on 9 January, the SourceSec researchers said they had "found a way to view and edit D-Link router settings without any administrative credentials", using a second admin interface. They also said they have written a proof-of-concept tool called HNAP0wn to exploit the vulnerability.
While there is no dispute that the flaw exists, SourceSec and D-Link disagree about which routers are affected.
In a paper accompanying its blog post, SourceSec said the affected D-Link routers are: DI-524 (hardware version C1, firmware version 3.23); DIR-628 (version B2, firmware versions 1.20NA and 1.22NA); and DIR-655 (version A1, firmware version 1.30EA).
However, D-Link said that those routers are either not exposed, or are not offered as described by the researchers.
"Of the three models allegedly affected, one was never sold in Europe and does not support HNAP," it said. "One does not exist [and] one runs a firmware version not available anywhere for download."
The model that D-Link said is not in the European market is DI-524 (C1). In addition, that model does not support HNAP, the company noted. The non-existent model is DIR-628 (B2), as only A hardware has ever been released for that device. Finally, model DIR-655 (A1, firmware 1.30EA) runs a restricted firmware version related to East Asia and therefore irrelevant for Europe.
SourceSec said in its blog post that it suspected "most, if not all, D-Link routers since 2006 are vulnerable".
However, in the course of an investigation in which D-Link tested its routers using the SourceSec tool, the company found that only three of its routers were affected by the vulnerability. In addition, just running the exploit code was not enough to compromise D-Link routers, it said.
"It is important to note that running the code on its own is not sufficient to hack into the router: only the software tool provided seems to achieve this result," said the D-Link statement.
The company is in the process of updating its firmware across Europe, a D-Link spokesperson told ZDNet UK on Monday.
"[D-Link] is uploading patches to its European websites," said the spokesperson, who added that firmware updates had been made available over the weekend.
D-Link criticised SourceSec, saying it had not been informed of the research prior to its publication, and that the report could have affected its customers.
"By publicising their tool, and giving specific instructions, the authors of the report have publicly outlined how the security can be breached, which could have had serious repercussions for our customers," said the D-Link statement.
Talkback
"Finally, model DIR-655 (A1, firmware 1.30EA) runs a restricted firmware version related to East Asia and therefore irrelevant for Europe."
It doesn't matter what markets the hardwares are in, a security flaw is a flaw all the same and needs to be addressed!
"
It is important to note that running the code on its own is not sufficient to hack into the router: only the software tool provided seems to achieve this result," said the D-Link statement.
D-Link criticised SourceSec, saying it had not been informed of the research prior to its publication, and that the report could have affected its customers.
By publicising their tool, and giving specific instructions, the authors of the report have publicly outlined how the security can be breached, which could have had serious repercussions for our customers," said the D-Link statement.
"
Oh please they written a proof of concept tool to automate the process for ease of testing for the end user's, and its just as well because if d-link had its own way no one would be non the wiser to there back door.
For any one wanting to follow up on this then I suggest you check the original blog posts; http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/
From there on you can see for yourselves d-links original forum post actions ie; denial and then lock downs, before subduing upon reflection.
Subsequently UBICOMS Robert Wessels, says they are working with the OpenWRT team to get there hardware's supported, hopefully this will lead to much better implementations of firmwares for routers using ubicoms hardware's.