Author Topic: DIR-655 - Rev C - Multiple Vulnerabilities  (Read 765 times)

GreenBay42

DIR-655 - Rev C - Multiple Vulnerabilities
« on: January 17, 2019, 07:14:14 AM »

We have uncovered several critical flaws in the D-Link DIR-655 consumer-grade router. In conjunction, these issues allow an attacker to remotely take control of a user's device if they visit a malicious webpage.

The issues are as follows:
● Command injection via device configuration setting
● Setup wizard can be used to reset password to default
● Cross-site request forgery
● Multiple reflected cross-site scripting issues

Joel St. John
Security Consultant
NCC Group

Fixed Firmware (Revision Cx Only) - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_FIRMWARE_v3.02B05_BETA03.zip

FurryNutz

Re: DIR-655 - Rev C - Multiple Vulnerabilities
« Reply #1 on: January 17, 2019, 07:34:28 AM »

Wow, I get to drag out my Rev C.  :o