D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: v0idi on January 11, 2010, 03:44:37 AM

Title: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: v0idi on January 11, 2010, 03:44:37 AM
Hello,

I just stumbled across a blog post (http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/ (http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/)) which details a vulnerability in the HNAP implementation on at least the DIR-655 and a few other D-Link models as well. The vulnerability allows one to change the router settings without knowing the administrator password, and is exploitable at least on the local network.

So, has the problem been acknowledged and when can we expect a fix?
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: ozzed3 on January 11, 2010, 03:57:52 AM
They will probably wiff it off by saying that as long as the exploit can not be done from outside the local network there is "nothing to worry about". Then again, not even D-link's staff work "in IT" by the fanboys definition.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: DCIFRTHS on January 11, 2010, 04:05:17 AM

Interesting info. I am interested to see how this unfolds. I really hope the mods have the impartiality leave this thread open, and if necessary, only delete inflammatory posts.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: EndlessDreams on January 15, 2010, 09:08:31 AM
Hello,

I just stumbled across a blog post (http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/ (http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/)) which details a vulnerability in the HNAP implementation on at least the DIR-655 and a few other D-Link models as well. The vulnerability allows one to change the router settings without knowing the administrator password, and is exploitable at least on the local network.

So, has the problem been acknowledged and when can we expect a fix?


Kinda funny take a look here as well.

http://www.pcworld.com/businesscenter/article/186996/dlink_issues_fixes_for_router_vulnerabilities.html (http://www.pcworld.com/businesscenter/article/186996/dlink_issues_fixes_for_router_vulnerabilities.html)

Yet I have not saw one single patch yet.. Great going D-Link..
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 09:27:04 AM
Get the utility and try it.
I believe we patched that a long time ago. That website is reporting on things from like six months ago.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: EndlessDreams on January 15, 2010, 09:33:08 AM
Get the utility and try it.
I believe we patched that a long time ago. That website is reporting on things from like six months ago.

Thats strange if you look at the original posters post it wasnt 6 months ago this was posted there either. They are not the only sites who posted this as well.

Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 09:34:07 AM
Look at the full write up. It states what firmwares are actually effected.
1.20 for the 655? That OLD.
And it's 1.20EU not even a north american firmware.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 09:35:02 AM
They also refer to a DI-524 and a Di-624M. It's old code and the site is just looking to report on anything.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: EndlessDreams on January 15, 2010, 09:37:05 AM
I am going to make a post on there ask them why they are posting news from 6 months ago like you claim... This way its linked back to here and they can get the facts straight...
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 09:38:37 AM
did you read the full write up? It lists the firmwares they tested.
Also i think you mean (here) not hear?
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: EndlessDreams on January 15, 2010, 09:40:31 AM
Why would pcworld post stories from 6 months ago if these were not true?
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 09:42:17 AM
Your avoiding the question. I can't comment on what they do. What I can comment on is the FULL WRITEUP. Which I read and CLEARLY notes OLD firmware.

Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: EndlessDreams on January 15, 2010, 09:43:40 AM
Have you tested the tool? Cause it clearly works...
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 09:47:21 AM
You tested it? We're looking in to it now. Thats why I asked. What were the results of your test?
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: EndlessDreams on January 15, 2010, 09:51:09 AM
You said this was patched... But yet....

"D-Link Corp. today admitted that some of its routers have a vulnerability that could allow hackers access to a device's administrative settings."

January 15, 2010 11:28 AM ET
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 09:57:06 AM
Again we're testing I based the statement on the firmware and the testing they ran. I went ahead and located a linux machine to run the test through.

I said I believe it was patched. Again I was looking for someone that had confirmed that the hole still posed a threat, not an argument.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: brichter45 on January 15, 2010, 09:58:51 AM
Lycan-

I don't know how you keep your cool in these forums. I've read through most of the topics last night and there are soooo many haters right now. Everyone needs to be a little more constructive with their criticism. "you guys suck", "worst company ever", "don't know what you're doing", are worthless criticisms. I understand that you guys are currently working on the DIR-655 patch and am patiently waiting for it. Please keep the rest of us "who actually enjoy d-link products" up to date on the next release.

Thanks,

BR
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: EndlessDreams on January 15, 2010, 10:01:15 AM
I'm not trying to argue its the internet.. If it was real life then it would be different ;) but you make it seem that way when you go and correct someone over spelling they made a mistake on.. I was pointing things out so they could get patched nothing more nothing less.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 15, 2010, 10:07:43 AM
I wasn't sure if you and misspoke and meant hear or just used the wrong here.

We'll test against the vulnerability and report the findings to PM.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: Lycan on January 18, 2010, 08:40:49 AM
After testing this we have determined that the script doesn't appear to allow the user to adjust settings. We're investigating this further.
Title: Re: DIR-655 HNAP exploit (and when are you going to fix it?)
Post by: sesca on January 18, 2010, 11:19:17 AM
Post any information regarding this topic to:
http://forums.dlink.com/index.php?topic=10458.0 (http://forums.dlink.com/index.php?topic=10458.0)

Keeping the posts unified makes it easier to monitor than searching for multiple threads.