Another HNAP flaw in D-Link routers

CERT recently issued an advisory about a flaw in D-Link routers, specifically, in the parsing of HNAP messages. The advisory warns that “A remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.” That’s as bad as it gets. There is a list of D-Link routers known to be vulnerable (DIR-823, DIR-822, DIR-818L, DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L), but Pedro Ribeiro, of Agile Information Security, who found the flaw, warned that “there might be other affected devices.” And, Marshall Honorof points out that “D-Link gives these models alternate names meant to sound sexier to consumers. For example, the DIR-895L is also known as the AC5300 Ultra Wi-Fi Router. You’ll want to Google the model name, check your router’s administrative login page, or just flip the physical device over to check for the model number.”

You can read the full article here.