October 9, 2023 at 05:56PM – D-Link WiFi range extender vulnerable to command injection attacks

The D-Link DAP-X1860 WiFi 6 range extender has a vulnerability that allows denial-of-service attacks and remote command injection. Despite being notified multiple times, D-Link has not released any fixes. Attackers can exploit the flaw by creating an SSID that contains a tick symbol and using it to execute commands. Owners are advised to limit network scans, be cautious of disconnections, and isolate IoT devices on a separate network.

Meeting notes:

– The popular D-Link DAP-X1860 WiFi 6 range extender has a vulnerability that allows DoS attacks and remote command injection.
– The product is available on D-Link’s website and has numerous reviews on Amazon, indicating its popularity among consumers.
– German researchers (RedTeam) discovered the vulnerability and tracked it as CVE-2023-45208. However, D-Link has not responded or released any fixes despite being notified by RedTeam.
– The vulnerability originates from the network scanning functionality of the DAP-X1860. The extender misinterprets SSIDs containing a single tick (') as a command terminator.
– The issue lies in the “parsing_xml_stasurvey” function of the libcgifunc.so library, which contains a system command for execution.
– Due to the lack of SSID sanitization, an attacker can exploit this feature by creating a deceptive WiFi network with a tick in the name.
– When the device tries to connect to the malicious SSID, it experiences an “Error 500: Internal Server Error” and fails to operate normally.
– By adding a second section to the SSID containing a shell command separated by “&&,” the attacker can execute commands on the extender with root privileges.
– The attacker can use this access to probe other devices connected to the extender and potentially infiltrate the network further.
– A deauthentication attack can be used to force a network scan on the target device. This attack involves generating and sending deauth packets to disconnect the extender from its main network.
– RedTeam reported the flaw to D-Link in May 2023 but received no response despite multiple follow-ups.
– As a result, the DAP-X1860 remains vulnerable, and the relatively simple exploitation method poses a risk.
– Owners of DAP-X1860 extenders are advised to limit manual network scans, be cautious of sudden disconnections, and turn off the extender when not in use.
– It is also recommended to place IoT devices and range extenders on a separate network isolated from sensitive devices that hold personal or work data.
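
Added example (not D-Link's code or RedTeam's): a C sketch of the flaw class described in the notes above, an SSID pasted between single quotes in a shell command, beside a quoting fix and a small checker that shows why one tick breaks the command and why "&&" then becomes live. The command name survey_tool, the function names and the sample SSIDs are assumptions constructed for illustration; the firmware's actual command line is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the flawed pattern: SSID pasted between single
 * quotes in a command line. "survey_tool" is a made-up name. */
int build_naive(const char *ssid, char *out, size_t n) {
    return snprintf(out, n, "survey_tool '%s'", ssid);
}

/* Hardened: rewrite each ' as '\'' so the SSID stays one quoted shell word.
 * Returns the command length, or -1 if it does not fit in n bytes. */
int build_quoted(const char *ssid, char *out, size_t n) {
    size_t o = (size_t)snprintf(out, n, "survey_tool '");
    if (o + 2 > n) return -1;              /* room for closing quote + NUL */
    for (; *ssid; ssid++) {
        size_t len = (*ssid == '\'') ? 4 : 1;
        if (o + len + 2 > n) return -1;
        if (len == 4) memcpy(out + o, "'\\''", 4);
        else out[o] = *ssid;
        o += len;
    }
    out[o++] = '\''; out[o] = '\0';
    return (int)o;
}

/* Minimal model of sh quoting. Returns -1 for an unterminated quote, else
 * the number of unquoted & ; | characters (places a new command can start). */
int unquoted_operators(const char *cmd) {
    int in_sq = 0, ops = 0;
    for (; *cmd; cmd++) {
        if (in_sq) { if (*cmd == '\'') in_sq = 0; }
        else if (*cmd == '\\' && cmd[1]) cmd++;
        else if (*cmd == '\'') in_sq = 1;
        else if (*cmd == '&' || *cmd == ';' || *cmd == '|') ops++;
    }
    return in_sq ? -1 : ops;
}

int main(void) {
    const char *samples[] = { "Cafe's WiFi", "x' && true '" }; /* constructed */
    char a[256], b[256];
    for (int i = 0; i < 2; i++) {
        build_naive(samples[i], a, sizeof a);
        build_quoted(samples[i], b, sizeof b);
        printf("naive : %s -> %d\nquoted: %s -> %d\n",
               a, unquoted_operators(a), b, unquoted_operators(b));
    }
    return 0;
}
```

Passing the SSID as a single argv element to an exec-family call, with no shell involved, removes the quoting problem entirely.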

Full Article – https://ift.tt/90VmLbj