Advisory Overview
Several older D-Link routers have a known vulnerability that can allow an attacker to use a legitimate communications channel in illegitimate ways. Through this vulnerability, and attacker could send program code or files that can allow the attacker to access the internal Local Area Network and gain access to systems normally protected by the router itself.
Technical detail and additional information
What is the threat?
The vulnerability leverages the “ping test” protocol on D-Link routers by wrapping additional commands and/or invoking executables in the guise of a ping test operation. By using this command pathway for illegitimate purposes, threat actors can bypass normal credential checks and access router functions or launch remote exploits without administrative acess.
Why is this noteworthy?
Unlike most vulnerabilities found in router systems, D-Link has advised customers that the effected models are beyond end-of-support; and as such no patch will be created for this issue. This leaves users of the effected models with little choice but to upgrade to a newer router, including configuration and testing of new hardware prior to placing it in production.
What is the exposure or risk?
Since the exploit allows for code execution without proper credentials, attackers can execute operations that can impact router stability, or further an attempt to gain a foothold within the organization’s LAN. The code injected via the ping test command (ping_IPADDR) will be executed without requiring any credentials. This means that native D-Link applications or probing operations could be executed by an attacker.
What are the recommendations?
As D-Link has stated that no patch will be created for these devices, the recommendation is to upgrade to a supported hardware model at the earliest opportunity.
A list of impacted models can be found at the FortiGuard URL below.
References:
· https://securityaffairs.co/wordpress/92227/hacking/d-link-router-models-flaw.html
· https://nvd.nist.gov/vuln/detail/CVE-2019-16920
· https://fortiguard.com/zeroday/FG-VD-19-117
If you have any questions, please contact our Security Operations Center.