Hackers may be able to use flaws in commonly used D-Link routers to exfiltrate data and upload malware.
Researchers have cautioned remote workers that their home router contains ‘inherent flaws’ that let hackers run ‘arbitrary commands’, exfiltrate data, upload malware, delete data or even steal user credentials.
According to a blog post from Palo Alto Networks, researchers discovered that D-Link Wireless Cloud Routers running the latest firmware had a total of 6 vulnerabilities. These problems were found in the DIR-865L model of D-Link routers, which is meant solely for home network use.
The post added that the current trend towards home working increases the risk of malicious attacks against home networks, so it is even more important to keep networking devices updated.
A first flaw, CVE-2020-13782, could allow a hacker to ‘inject arbitrary code’ to be executed on the router with administrative privileges. This particular attack would lead to a ‘denial of service’.
A second bug, CVE-2020-13786, allows an attacker to ‘sniff’ web traffic and use session information to access password-protected portions of the website without any knowledge of the password.
A third flaw, CVE-2020-13784, can enable hackers to access a session cookie by knowing the approximate time that a user logged on, even if it is protected with encryption.
Researchers explained that because of the number of people now working from home, malicious actors have a definite incentive to attack routers that are meant for home networks.
“These vulnerabilities can be used together to run arbitrary commands, exfiltrate data, upload malware, delete data or steal user credentials. These attacks are easiest to conduct if the router is set up to use HTTP, but a sophisticated attacker can still calculate the required session information if the router uses HTTPS,” they further added.
Martin Jartelius, CSO at Outpost24, revealed that these sorts of SOHO-router problems have been the scourge of the industry for years.
“We helped a range of telco providers review the equipment they shipped to consumers as part of their internet subscriptions in an attempt to help resolve this issue before the time when most vendors started implementing improvements. It still remains a problem today, and over the years we have seen several cases such as GhostDNS automated router farming attacks,” he commented.
“For home users, given that this is an 8-year-old product and even though we do not encourage a wasteful lifestyle, it may be time to consider a more modern router, and once you get it, see the advice for remote working from SANS for guidelines on WIFI and Router security for home users.”
Paul Bischoff, Privacy Advocate at Comparitech.com, explained: “Wi-fi router vulnerabilities like these are troublesome because many users will not replace or patch them.
“Home wi-fi routers are typically retail purchases and users usually don’t need to register any sort of account to use them, so manufacturers have no way to directly contact users and inform them of issues. Most consumers probably do not even know their router model or how to run firmware updates.
“Many older routers do not have an automatic update feature, and at least one reviewer noted that the DIR-865L automatic update function did not work. Routers often sit untouched after initial setup and can go years without any sort of attention from users so long as they connect to the internet,” he concluded.