Author Topic: DIR-655 - Rev C - Multiple Vulnerabilities  (Read 475 times)

GreenBay42

  • Administrator
DIR-655 - Rev C - Multiple Vulnerabilities
« on: January 17, 2019, 07:14:14 AM »

We have uncovered several critical flaws in the D-Link DIR-655 consumer-grade router. In conjunction, these issues allow an attacker to remotely take control of a user's device if they visit a malicious webpage.

The issues are as follows:
● Command injection via device configuration setting
● Setup wizard can be used to reset password to default
● Cross-site request forgery
● Multiple reflected cross-site scripting issues

Joel St. John
Security Consultant
NCC Group

Fixed Firmware (Revision Cx Only) - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_FIRMWARE_v3.02B05_BETA03.zip

FurryNutz

  • D-Link Global Forum Moderator
Re: DIR-655 - Rev C - Multiple Vulnerabilities
« Reply #1 on: January 17, 2019, 07:34:28 AM »

Wow, I get to drag out my Rev C.  :o