Unpatched Vulnerabilities in D-Link Routers

Peter Adkins, a systems engineer in Canada, recently released details of vulnerabilities in several models of D-Link routers. Adkins published a write-up of his findings on GitHub.

The worst vulnerability is a cross-site request forgery (CSRF). In a CSRF attack, the user is tricked into clicking a forged link, which then sends an unauthorized request to a trusted site. This can happen when a user visits a malicious webpage that delivers an HTML form. The form accesses the ncc/ncc2 service on the router, which handles dynamic requests such as changing usernames and passwords. Many routers have a defense that blocks CSRF requests, but the D-Link routers that Adkins tested didn’t have these defenses.
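The kind of defense the paragraph above says was missing can be sketched as follows. This is an added example, not code from Adkins' write-up or from D-Link firmware; the router address, secret, field name `csrf_token` and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical values: the router's admin origin and a per-boot server secret.
ROUTER_ORIGIN = "http://192.168.0.1"
SERVER_SECRET = b"constructed-demo-secret"


def issue_token(session_id: str) -> str:
    """Derive the anti-CSRF token the admin pages embed in their own forms."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url: str) -> bool:
    """True when scheme, host and port of a header value match the router's origin."""
    try:
        got, want = urlsplit(url), urlsplit(ROUTER_ORIGIN)
        return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)
    except ValueError:  # malformed port or host in the header
        return False


def allow_state_change(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Decide whether a settings-changing request (password, DNS, ...) may proceed."""
    if method != "POST":
        return False  # settings are never changed by a GET
    # Browsers attach Origin to cross-site form POSTs; fall back to Referer.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not same_origin(source):
        return False
    # A form hosted on another site cannot read the token, so it cannot supply it.
    supplied = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(supplied, issue_token(session_id).encode())
```

The origin check and the token are independent layers: a request must pass both before the handler touches any setting.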

Once the ncc/ncc2 service is accessed, the attacker can gain full access to the router. From there, the attacker can launch a pharming attack, in which the router's DNS settings are changed. This can lead the user to a bad website, even when they enter the correct domain.

At the time that Adkins published these details, D-Link officials had not issued a comment on the vulnerabilities.

 – Sandra Lovejoy