The networking company said on Monday that the problem, discovered by security researchers at SourceSec, affects three of its wireless routers: the DIR-855 (hardware version A2), the DIR-655 (versions A1 to A4) and the DIR-635 (version B). The devices are marketed to consumers and businesses.
The fault lies in D-Link's implementation of Cisco's Home Network Administration Protocol (HNAP), which allows the router to be configured remotely. In a blog post on January 9, the SourceSec researchers said they had “found a way to view and edit the configuration of D-Link router without administrative credentials, using a second management interface”. They also said they have written a proof-of-concept tool called HNAP0wn to exploit the vulnerability.
While it is undisputed that the flaw exists, D-Link and SourceSec disagree on which routers are affected.
In a document accompanying the blog entry, SourceSec said the affected D-Link routers are: DI-524 (hardware version C1, firmware version 3.23), DIR-628 (hardware version B2, firmware versions 1.22NA and 1.20NA) and DIR-655 (hardware version A1, firmware version 1.30EA).
However, D-Link said that the routers either are not disclosed or are not offered as described by the researchers.
“Of the three models allegedly affected, one was never sold in Europe and is not compatible with HNAP,” it said. “One does not exist [and] there is a firmware version not available anywhere for download.”
The model D-Link says is not on the European market is the DI-524 (C1). Moreover, this model is not compatible with HNAP, the company said. The model that does not exist is the DIR-628 (B2), since only one hardware version has been released for that device. Finally, the DIR-655 (A1, firmware 1.30EA) runs a firmware version restricted to East Asia and is therefore irrelevant to Europe.
SourceSec said in its blog post that it suspected that “most, if not all, D-Link routers since 2006 are” vulnerable.
However, in the course of an investigation in which D-Link tested its routers using the SourceSec tool, the company found that only three of its routers were affected by the vulnerability. Furthermore, merely running the exploit code was not enough to threaten the D-Link routers, it said.
“It is important to note that the implementation of the code alone is not enough to cut into the router: only the software tool seems to achieve this result,” the D-Link statement said.
The company is in the process of updating its firmware across Europe, a spokesman for D-Link told ZDNet UK on Monday.
“D-Link is loading patches for its European sites,” said the spokesman, who added that the firmware updates had been circulated over the weekend.
D-Link criticized SourceSec, saying it had not been informed of the investigation prior to publication, and that the report could have affected its clients.
“In releasing the tool and giving specific instructions, the report’s authors have publicly highlighted how security can be breached, which could have serious consequences for our customers,” said the D-Link statement.