D-Link Wi-Fi home router model DIR-865L has six vulnerabilities
Most of us use D-link Wi-Fi routers to connect to the Internet as it the most popular router around. D-Link DIR-865L model is made by a Taiwanese company and has been the most popular Wi-Fi router of choice for thousands of customers worldwide for nearly a decade now. However, unknown hackers may use the newly found vulnerabilities in these D-Link routers to hijack your session cookies and impersonate you. The hackers can also steal confidential information or upload malware to your computer/laptop using this method.
A team of researchers from Palo Alto Networks’ Unit 42 has found six new vulnerabilities in the D-Link home Wi-Fi routers used by you and me. The Palo Alto researchers say that if used together, both these vulnerabilities could allow attackers to scan network traffic and hijack session cookies. They can also be used to upload malware or download your confidential and sensitive files. The hackers could also use the vulnerability to turn your Wi-Fi router into a zombie botnet and conduct DoS or DDoS attacks.
Here are the D-Link Wi-Fi home router vulnerabilities discovered by the Palo Alto researchers :
- CVE-2020-13782: Improper Neutralization of Special Elements used in a Command (Command Injection)
- CVE-2020-13786: Cross-Site Request Forgery (CSRF)
- CVE-2020-13785: Inadequate Encryption Strength
- CVE-2020-13784: Predictable seed in pseudo-random number generator
- CVE-2020-13783: Cleartext storage of sensitive information
- CVE-2020-13787: Cleartext transmission of sensitive information
Out of the above six, the researchers said that the CVE-2020-13782 can be used to transform your D-Link into a zombie botnet. It could allow for a denial of service attack. This particular vulnerability would also allow potential hackers to inject arbitrary code to be executed on the router with administrative privileges. The researchers say that to exploit this vulnerability the hackers would require authentication, which hackers could effectively achieve if they exploit either of two other vulnerabilities, namely, CVE-2020-13786 and CVE-2020-13784.
The severest of the lot, the CVE-2020-13786 vulnerability allows potential hackers to gain access to password-protected parts of websites by sniffing web traffic since some of the pages on the D-Link routers’ web interface were vulnerable to cross-site request forgery. This vulnerability could allow attackers to delete and view the contents of files, or upload malware.
Using the vulnerability identified as CVE-2020-13784, potential hackers would be able to access the session cookies that websites use to keep users logged in, and monitor user information. If hackers gain such access, they would be able to essentially impersonate a victim online. The vulnerability also allows the hackers to gain access to the session cookies even if victims were using HTTPS to encrypt sessions because the algorithm in the router that calculates the session cookie produces predictable results, the researchers said.
The Palo Alto researchers said that they had reached out to the Taiwanese manufacturer of D-Link Wi-Fi routers and the company quickly released security patches to fix these vulnerabilities. But it is a well-known fact that not many users update or even know how to update their Wi-Fi routers firmware leaving these D-Link routers vulnerable.
Palo Alto Networks has not said anything about these six vulnerabilities being exploited in the wild but we can expect rising hacking attacks on D-Link Wi-Fi routers using these vulnerabilities. Remember, it took hackers and security researchers only a month or so to develop an exploit of the SMB vulnerability when it was accidentally leaked by Microsoft during a Patch Tuesday bulletin. In fact, the hackers build on the vulnerability to find another more severe vulnerability called SMBBleed.
If you own a D-Link Wi-Fi router, you should visit this website and update your Wi-Fi router’s firmware immediately.