Security alert for D-Link routers

Posted by J65nko, 6th February 2013

From http://h-online.com/-1798804

Security expert Michael Messner has identified several holes in D-Link's DIR-300 and DIR-600 routers that allow potential attackers to execute arbitrary commands with little effort. Although current firmware versions are also affected, the router manufacturer does not appear to be planning to close the hole.

Messner describes on his blog how a simple POST parameter allows Linux commands to be executed at root level on vulnerable routers. No password or other authentication is required to do so. In a short test, The H's associates at heise Security found that many of the devices can even be accessed from the internet and managed to inject a harmless command into such a router. A real attacker could randomly exploit systems, for example to divert a router's entire internet traffic to a third-party server.