D-Link removed encrypted credentials from its routers

Written by Emma Davis

D-Link’s developers have fixed several vulnerabilities by releasing new firmware for the DIR-3040 AC3000 routers that removed encrypted credentials.

Thanks to these bugs, attackers could execute arbitrary code, gain access to confidential information, or disable a device through a denial of service.

D-Link's DIR-3040 is an AC3000-based wireless internet router.

The vulnerabilities were discovered by Cisco Talos experts, and among them are hard-coded credentials, command injection issues and information disclosure:

  • CVE-2021-21816: Syslog Information Disclosure;
  • CVE-2021-21817: Zebra IP Routing Manager Disclosure;
  • CVE-2021-21818: Hard-coded password in Zebra IP Routing Manager;
  • CVE-2021-21819: Command injection in Libcli;
  • CVE-2021-21820: Hard-coded password in the Libcli Test Environment.

Vulnerabilities CVE-2021-21818 and CVE-2021-21820 are hard-coded credentials found in Zebra IP Routing Manager and Libcli Test Environment. Both issues allow bypassing the authentication process (through specially crafted network requests). This will ultimately lead to either a denial of service or arbitrary code execution on the target router.

Another critical vulnerability, CVE-2021-21819, is related to command injection and was found as part of the Libcli Test Environment. This problem can also be used to execute arbitrary code.

The issue also makes it possible to start a hidden telnet service without authentication by simply visiting https://start_telnet and then logging into the Libcli Test Environment using the default password, which is stored on the router unencrypted.

On July 15, 2021, the D-Link developers fixed these problems by releasing a hotfix for firmware 1.13B03 and below.

Users are advised to update these vulnerable products as soon as possible: D-LINK DIR-3040 Router, version 1.13B03. Cisco Talos has tested and confirmed that these versions of the DIR-3040 can be exploited through this vulnerability.

By the way, we previously reported that the Mozi botnet attacks Netgear, D-Link and Huawei routers.

Let me remind you that we also reported that researchers from Cisco Talos discovered two vulnerabilities in the GoAhead web server, one of which is critical.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
