D-Link Forums

D-Link Enterprise => DGS-1510-Series => Topic started by: varangamin on February 22, 2017, 10:19:25 AM

Title: Security Update: Authentication Bypass Vulnerabilities - Dlink 1510 Switch Serie
Post by: varangamin on February 22, 2017, 10:19:25 AM

Authentication Bypass Vulnerabilities - Dlink 1510 Switch Series

Disclosed by Aditya K Sood and Varang Amin (Independent Security Researchers)

Drink switches are ****e to authentication bypass vulnerabilities which allow the remote users to perform unauthorized operations on the switches thereby resulting in complete control of the switch.

With the authentication bypass, it is possible to:

• execute remote commands on the switch such as becoming administrator.
  extract information from the switch such as configuration and others.
  

Dlink has released a patch here: http://forums.dlink.com/index.php?topic=66410.0 (http://forums.dlink.com/index.php?topic=66410.0)

We also want to highlight that DLink security team worked collaboratively with us to fix the issue within a month including re-testing and releasing the firmware update. The DLink team was very active in communicating with the researchers. In addition, they created a testing environment with the new fixes for us to test the updated firmware.

If you have any specific questions, feel free to let us know.

Thanks