Announcements > Security Advisories

DIR-655 - Rev C - Multiple Vulnerabilities

(1/2) > >>

GreenBay42:
We have uncovered several critical flaws in the D-Link DIR-655 consumer grade router. In conjunction these issues allow an attacker to remotely take control of a user's device if they visit a malicious webpage.

The issues are as follows:
● Command injection via device configuration setting
● Setup wizard can be used to reset password to default
● Cross-site request forgery
● Multiple reflected cross-site scripting issues

Joel St. John
Security Consultant
NCC Group

Fixed Firmware (Revision Cx Only) - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_FIRMWARE_v3.02B05_BETA03.zip

FurryNutz:
Wow, I get to drag out my Rev C.  :o

FurryNutz:
8 months later, my Rev C went online last night.  ;D No issues seen thus far. Speeds are great. TS and QoS enabled. Feel odd working in the old UI.  :P Memories.  8) Will try and get some gaming in.  ;D

GreenBay42:
Solid router :)

FurryNutz:
Was a work horse for many years.  ;) Works nicely with a WiFi AX upgrade.  :o

Navigation

[0] Message Index

[#] Next page

Go to full version