WARNING — Critical Remote Code Execution vulnerability D-Link VPN Routers

Published: 09/12/2020

Reference:
Advisory #2020-037

Version:
1.0

Affected software:
D-Link DSR-150
DSR-1000AC VPN routers
DSR-250
DSR-500
Firmware versions 3.14 and 3.17 of the appliances above

Type:
RCE, Remote Code Execution (root privileges)

CVE/CVSS:
N/A

Sources

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195*

Risks

These devices are commonly available on consumer websites/e-commerce sites. Given the rise in work-from-home due to the pandemic, more employees may be connecting to corporate networks using one of the affected devices.

Description

An unauthenticated attacker can exploit this vulnerability remotely over the internet and execute code with root privileges, gaining complete control of the router. An attacker could then intercept and/or modify traffic, cause denial-of-service conditions and launch further attacks on other assets. Remark: D-Link routers can connect up to 15 other devices simultaneously.

Recommended Actions

CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions, after proper testing. As an extra precaution, check your logs for anomalies. If there is any indication that an attacker accessed sensitive files, you should treat your network as compromised. Download the latest updates via: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195*
