D-Link Critical Flaw Let Attackers Execute Arbitrary Code And Obtain Sensitive Information

Cisco Talos, the threat intelligence research team of Cisco, has recently identified several critical security flaws in the D-Link DIR-3040, an AC3000-based wireless internet router.

By exploiting these bugs, an attacker can easily execute arbitrary code to gain access to confidential data, and can also disable a device through a denial-of-service attack.

The cybersecurity experts at Cisco Talos say they have detected five critical security vulnerabilities in total. Among them are hard-coded password vulnerabilities, command injection vulnerabilities, and information disclosure vulnerabilities.

Flaws Detected

In total, the security analysts have detected five critical vulnerabilities:

  • CVE-2021-21816 (TALOS-2021-1281): a Syslog information disclosure vulnerability.
  • CVE-2021-21817 (TALOS-2021-1282): a Zebra IP Routing Manager information disclosure vulnerability.
  • CVE-2021-21818 (TALOS-2021-1283): a Zebra IP Routing Manager hard-coded password vulnerability.
  • CVE-2021-21819 (TALOS-2021-1284): a Libcli command injection vulnerability.
  • CVE-2021-21820 (TALOS-2021-1285): a Libcli Test Environment hard-coded password vulnerability.

Critical flaws

All five flaws are severe, but the security researchers have classified CVE-2021-21818, CVE-2021-21819, and CVE-2021-21820 as critical.

  • Flaw: CVE-2021-21818
  • Tested version: D-Link DIR-3040 1.13B03
  • Summary: CVE-2021-21818 is a hard-coded password vulnerability in the Zebra IP Routing Manager.
  • CVSS: 7.5
  • CWE: CWE-259

  • Flaw: CVE-2021-21819
  • Tested version: D-Link DIR-3040 1.13B03
  • Summary: CVE-2021-21819 is a command injection vulnerability in the Libcli Test Environment functionality.
  • CVSS: 9.1
  • CWE: CWE-78

  • Flaw: CVE-2021-21820
  • Tested version: D-Link DIR-3040 1.13B03
  • Summary: CVE-2021-21820 is also a hard-coded password vulnerability, found in the Libcli Test Environment.
  • CVSS: 10.0
  • CWE: CWE-798

According to the Cisco Talos report, by exploiting two of these vulnerabilities (CVE-2021-21818 and CVE-2021-21820), a threat actor can easily bypass the authentication mechanism by sending a sequence of specially crafted network requests.

As a result, exploiting these two flaws allows the threat actor to carry out a denial-of-service attack or execute arbitrary code on the affected router.

Moreover, the security specialists have affirmed that, among the critical flaws, CVE-2021-21818 and CVE-2021-21820 are hard-coded password vulnerabilities that could be used to execute arbitrary code and carry out DoS attacks.

They also stated that CVE-2021-21819 is a command injection flaw found in the Libcli Test Environment functionality, and that it can likewise be used to execute arbitrary code on the affected router.

Fix and recommendation

The security experts at Cisco Talos reported these flaws to D-Link, and D-Link's developers have already released a hotfix for firmware 1.13B03 and below that fixes all of these vulnerabilities.

Apart from this, D-Link's developers have said that they will continue to update it, and in the meantime they strongly advise all users to install all the security updates they provide.
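
A defender's follow-up to the advice above, as an added example that is not from Cisco Talos, D-Link or the original article: a Python triage of a router inventory against the 1.13B03 cut-off. The `<major>.<minor>B<build>` version layout, the status labels and the sample inventory are assumptions made for the example.

```python
import re

# Highest firmware the article lists as needing the hotfix.
LAST_AFFECTED = "1.13B03"

# Assumed version layout: <major>.<minor>B<build>, optionally prefixed with "v".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)B(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, build) or None if the string does not match."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def triage(model, firmware):
    """Classify a row: 'out-of-scope', 'unknown', 'needs-hotfix' or 'newer'."""
    if model.strip().upper() != "DIR-3040":
        return "out-of-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # unparsable strings get manual review, never a pass
    if version <= parse_version(LAST_AFFECTED):
        return "needs-hotfix"
    return "newer"


def triage_inventory(rows):
    """Map each (host, model, firmware) row to its classification."""
    return {host: triage(model, firmware) for host, model, firmware in rows}


# Constructed sample inventory (hosts, versions and the other model are made up).
SAMPLE_INVENTORY = [
    ("rtr-lobby", "DIR-3040", "1.13B03"),
    ("rtr-lab", "dir-3040", "v1.12b01"),
    ("rtr-branch", "DIR-3040", "1.20B03"),
    ("rtr-spare", "DIR-3040", "unknown build"),
    ("rtr-guest", "OTHER-ROUTER", "1.30B06"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The article does not say how a hotfixed build reports its version, so rows marked `needs-hotfix` still need confirmation on the device itself.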

Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.