• March 19, 2024, 03:59:42 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - COVR-3902 Firmware - v1.01b05_Beta01 Security Hotfix Release  (Read 7953 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Firmware: v1.01 B05 Beta 01   04/12/2021
Revision Info

Overview
On January 11, 2021, a 3rd party security researcher from Tsinghua University's Network and Information Security Laboratory submitted a report accusing the COVR-3902 using firmware v1.01 of a DDoS vulnerability. The vulnerability uses an exploit in the device's IPv6 forwarding routing loop handling, which could amplify the traffic into a DDoS attack between the upstream router and the affected COVR-3902.
 
The COVR-3902, or COVR-3902-US in the United States, is a Kit including the COVR-2600R WiFi Router and the COVR-1300E WiFi Extender. This vulnerability affects the Router device in the kit, COVR-2600R.
 
The reported vulnerability was confirmed, and a patch has been released to close the security issue.

3rd Party Report information

          - Report provided:Xiang Li, Network and Information Security Lab, Tsinghua University ::

                                         x-l19 _at_ mails _dot_ tsinghua _dot_ edu _dot_ cn
 
          - Reference : To Be Post upon author's public disclosure


(Quoted from Original Support by 3rd Party)

For a home router connecting an ISP's broadband network, its WAN interface is assigned a globally unique IPv6 prefix (e.g., 2001:db8:1:5678::/64), and its LAN network is delegated a globally addressable IPv6 prefix (e.g., 2001:db8:2:1230::/60) as well by its upstream ISP router.

According to the IPv6 address and routing module, the home router picks one 128-bits IPv6 address as its WAN interface's address (e.g., 2001:db8:1:5678:1111:2222:3333:4444) and assigns one /64 sub-prefix to its LAN network (e.g., 2001:db8:2:1230::/64). Then, the home router inserts two routes into its routing table.

During the routing process, for the ISP router, any packet with a destination within the 2001:db8:1:5678::/64 or 2001:db8:2:1230::/60 would be transmitted to the home router. Whereas for the home router, any packet with a destination, not the 2001:db8:1:5678:1111:2222:3333:4444 or not within the 2001:db8:2:1230::/64, would be sent back to the ISP router, following the default routing policy.

As a result, such a packet would be forwarded between the ISP router and the home router until the Hop Limit field in the IPv6 header is zeroed out. The maximum value of this field is 255. Thus, the loops can amplify traffic with a ratio of >200 (minus the former hop count). What's worse, if we fake the source IPv6 address with the same Not-used Prefix and address, we could double the loop times or more.

Get it here: This is only for the router portion of the COVR system.
COVR-3902

Please follow the> FW Update Process to ensure a good FW upgrade is performed.

Let us know how it works for you...
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.