The Graveyard - Products No Longer Supported > DIR-635

Security scan fails w/ TFTP Server open - how to close??

(1/2) > >>

Tinchote:
This is not a fake scan. On my DIR 632, using tftp, I was able to read /etc/passwd and /etc/hosts, and to upload a file to; to make it worse, I was able to do this from outside the LAN.

FurryNutz:
Link>Welcome!


* What Hardware version is your router? Look at sticker under the router case.
* Link>What Firmware version is currently loaded? Found on the routers web page under status.
* What region are you located?
* Are you wired or wireless connected to the router?

Tinchote:
Thanks. It's a DIR 632. hardware A1, firmware 1.01NA.

I'm in Canada. I'm accessing the router through the internet, I'm some 4km away from it; that's the scary thing, I don't mind if a port is opened towards the LAN, but this is opened wide to the world.

I run, on my console, "tftp my-router-ip GET /etc/passwd" and I was able to retrieve the file. I was also able to upload a file.

FurryNutz:
I recommend upgrading the routers FW and see if this issue is closed:
http://support.dlink.ca/ProductInfo.aspx?m=DIR-632

Please follow this for updating FW: Link> >FW Update Process

"This product has been discontinued.
Free support for this product has ended on 08/02/2014"

Tinchote:
Thanks, I'll try that.

Navigation

[0] Message Index

[#] Next page