In association with heise online

11 January 2010, 09:35

Hidden admin access on D-Link routers


According to a posting on the SourceSec Security Research web page, many – potentially all – of the router models D-Link has marketed since 2006 are affected by a flawed implementation of the Home Network Administration Protocol (HNAP). Local and external attackers can reportedly exploit the flaw to gain access to the router's network settings.

According to SourceSec, the D-Link routers include both a regular administrative interface and an HNAP connection that can't be disabled. SourceSec say they have verified that this administrative access via HTTP is vulnerable in the DI-524, DIR-628 and DIR-655 routers, allowing attackers to edit the router's administrative settings and take full control of all network traffic.

While the SOAP-based HNAP does require basic admin authentication, said the security firm, some D-Link routers allow the "GetDeviceSettings" SOAP action to be executed without authentication, which reportedly enables attackers to bypass the security mechanisms and execute other unauthorised SOAP actions. Although other D-Link routers are reportedly not affected by this vulnerability, SourceSec say that attackers can instead exploit the usually ignored user account (login: user, no password) on these routers. The security firm describes further details in a paper (PDF); a sample exploit called HNAP0wn can also be found on their website.
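For defenders reviewing captured HTTP traffic to a router, the two conditions described above (HNAP requests that carry no credentials, and HNAP requests made as the passwordless "user" account) can be flagged as follows. This is an added example, not code from SourceSec or D-Link; the `/HNAP1/` path, the SOAPAction URI, the addresses and the sample requests are assumptions constructed for illustration.

```python
import base64

HNAP_PREFIX = "/hnap1"  # assumed HNAP endpoint path; the article does not name it

def parse_request(raw):
    """Return (path, headers) for a captured HTTP request head."""
    lines = raw.split("\r\n\r\n", 1)[0].splitlines()
    path = lines[0].split(" ")[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return path, headers

def basic_credentials(headers):
    """Decode a Basic Authorization header to (login, password), else None."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64, or bytes that are not UTF-8
        return None
    login, _, password = decoded.partition(":")
    return login, password

def classify(raw):
    """Return (verdict, soap_action) for one captured request."""
    path, headers = parse_request(raw)
    if not path.lower().startswith(HNAP_PREFIX):
        return "not-hnap", None
    action = headers.get("soapaction", "").strip('"').rsplit("/", 1)[-1] or None
    creds = basic_credentials(headers)
    if creds is None:
        return "hnap-without-credentials", action
    if creds == ("user", ""):  # the "login: user, no password" account
        return "hnap-as-passwordless-user", action
    return "hnap-with-credentials", action

def _req(path, *headers):  # builds a constructed sample request
    return "\r\n".join(["POST %s HTTP/1.1" % path, "Host: 192.168.0.1", *headers]) + "\r\n\r\n"

def _auth(login, password):
    pair = ("%s:%s" % (login, password)).encode()
    return "Authorization: Basic " + base64.b64encode(pair).decode()

ACTION = 'SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings"'
SAMPLES = [_req("/HNAP1/", ACTION), _req("/HNAP1/", ACTION, _auth("user", "")),
           _req("/HNAP1/", ACTION, _auth("admin", "example-pass")), _req("/index.html")]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

Either of the first two verdicts on traffic arriving from outside the LAN is worth investigating, since the article states the HNAP connection cannot be disabled on these devices.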

