The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data.
Issues
1. Download the firmware from the mentioned download URLs.
2. Extract the firmware using binwalk: “binwalk -e COVR-3902_ROUTER_v101b05.bin”
Figure 1: Extracting a firmware
3. Run “cat ./etc/init0.d/S80telnetd.sh” to get the username.
Figure 2: Clear text username as shown in screenshots
4. Run “cat ./etc/config/image_sign” to get the password.
Figure 3: Clear text password as shown in screenshots
Username: Alphanetworks
Password: wrgac61_dlink.2015_dir883
An unauthenticated attacker can gain privileged access to the router and extract sensitive data or modify the configuration.
Download and apply the relevant from the vendor:
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109
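To check whether an extracted image, such as the vendor's updated firmware, still starts telnetd with a fixed login, the manual steps above can be scripted. This is an added example, not code from the advisory or the vendor; the function name `audit_telnetd` and the assumption that the init script passes the login to telnetd with a `-u` option are illustrative.

```shell
#!/bin/sh
# Audit an extracted firmware root filesystem for init scripts that start
# telnetd with a fixed login. Assumption: the credential is passed with a
# "-u" option on the telnetd command line; adjust the pattern if it is not.

# audit_telnetd ROOT
#   FINDING <script>:<line no>:<line>  init script line launching telnetd -u
#   SOURCE  <script> reads <file>      file under /etc the script reads via cat
# Return status: 0 = nothing found, 1 = findings, 2 = usage error.
audit_telnetd() {
    root=$1
    [ -d "$root" ] || { echo "usage: audit_telnetd <extracted-rootfs>" >&2; return 2; }
    found=0
    # init*.d covers both init.d and init0.d; unmatched globs are skipped below
    for script in "$root"/etc/init*.d/* "$root"/etc/rc*.d/*; do
        [ -f "$script" ] || continue
        hits=$(grep -nE 'telnetd.*[[:space:]]-u[[:space:]]' "$script") || continue
        found=1
        rel=${script#"$root"}
        echo "$hits" | while IFS= read -r line; do
            echo "FINDING $rel:$line"
        done
        # Name the files the script reads, without printing their contents
        grep -oE 'cat[[:space:]]+/etc/[A-Za-z0-9_./-]+' "$script" |
        awk '{print $2}' | sort -u |
        while IFS= read -r src; do
            if [ -f "$root$src" ]; then
                echo "SOURCE  $rel reads $src (present in image, value not printed)"
            fi
        done
    done
    return $found
}

# Stand-alone use: sh audit.sh <path to the extracted root filesystem>
if [ $# -gt 0 ]; then
    audit_telnetd "$1"
fi
```

A non-zero return status on the updated image means a telnetd login is still baked into it and the image should be reviewed before deployment.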
Jul 05, 2019: Discovered in Dlink.