Vulnerability Found In D-Link Routers - InformationWeek

Patches are available for the vulnerability, which affects D-Link's consumer-grade routers.

A buffer overflow vulnerability discovered in several D-Link wired and wireless routers could allow attackers to execute arbitrary code and potentially compromise entire networks.

eEye Digital Security, an Aliso Viejo, Calif.-based security firm, issued an advisory on the vulnerability Monday. The company had notified D-Link about the flaw in February.

The vulnerability affects the Local Area Network (LAN) interface of several of D-Link's consumer-grade routers, and a company spokesperson said the Fountain Valley, Calif.-based networking vendor has released patches for download on its Web site.

Mike Puterbaugh, vice president of marketing at eEye, said the vulnerability is serious given the widespread use of D-Link routers in small-business and home networks. "The footprint of D-Link's install base is significant, and this could have potentially turned into a big issue," he said.

eEye rated the severity of the flaw as "high." Danish security firm Secunia rated the vulnerability "moderately critical", and Symantec gave the flaw a "10," its highest severity rating.

Attackers could exploit the vulnerability by sending an excessively long M-search string to a device, triggering a stack-based buffer overflow. M-search commands are sent by devices attempting to connect to Universal Plug and Play (UPnP) networks to find other devices on the network, eEye said.

If successful, attackers could gain the ability to execute arbitrary code and apply modified firmware that could eventually allow them to compromise the whole network, according to eEye.

However, attackers would have to have users' wireless settings or administrator password to exploit the flaw, which causes the router to reboot but doesn't create a denial-of-service situation, the D-Link spokesperson said.
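
The length check whose absence leads to the kind of stack-based overflow described above, shown as an added C example that is not taken from eEye's advisory or D-Link's firmware: it copies the `ST` header of an M-SEARCH datagram into a fixed buffer and rejects over-long values instead of copying them. The function name, the 128-byte `ST_MAX` and the choice of the `ST` header are assumptions; the article does not say which part of the M-search string overflowed.

```c
#include <stddef.h>
#include <string.h>

#define ST_MAX 128  /* assumed size of the fixed buffer; not from the advisory */

enum { MS_OK = 0, MS_NOT_MSEARCH = -1, MS_NO_ST = -2, MS_TOO_LONG = -3 };

/* Hypothetical helper: extract the ST header value from an SSDP M-SEARCH
 * datagram of `len` bytes. The datagram is not assumed NUL-terminated.
 * Simplification: the header name is matched case-sensitively. */
int parse_msearch_st(const char *pkt, size_t len, char out[ST_MAX])
{
    static const char method[] = "M-SEARCH ";
    static const char hdr[] = "\r\nST:";
    size_t mlen = sizeof method - 1, hlen = sizeof hdr - 1;

    if (len < mlen || memcmp(pkt, method, mlen) != 0)
        return MS_NOT_MSEARCH;

    /* Locate "\r\nST:" without reading past the end of the datagram. */
    size_t i, start = 0;
    for (i = mlen; i + hlen <= len; i++) {
        if (memcmp(pkt + i, hdr, hlen) == 0) { start = i + hlen; break; }
    }
    if (start == 0)
        return MS_NO_ST;
    while (start < len && pkt[start] == ' ')
        start++;

    /* The value runs to the next CR or to the end of the datagram. */
    size_t end = start;
    while (end < len && pkt[end] != '\r')
        end++;

    size_t vlen = end - start;
    if (vlen >= ST_MAX)        /* the bound an unchecked strcpy() never tests */
        return MS_TOO_LONG;    /* reject outright; no silent truncation */

    memcpy(out, pkt + start, vlen);
    out[vlen] = '\0';
    return MS_OK;
}

int main(void)
{
    const char pkt[] = "M-SEARCH * HTTP/1.1\r\nST: upnp:rootdevice\r\n\r\n"; /* constructed */
    char st[ST_MAX];
    return parse_msearch_st(pkt, sizeof pkt - 1, st) == MS_OK ? 0 : 1;
}
```

Logging the `MS_TOO_LONG` case with the sender's address gives a detection signal for oversized discovery requests on the LAN side.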
