D-Link has released a patch for the DIR-865L router. This fixes four vulnerabilities that could be used to read data. It is striking that D-Link does not repair two vulnerabilities, including a command injection.
The bugs are fixed in the DIR-865L, which is now end-of-sale in Europe. Security researchers from Palo Alto Networks found the vulnerabilities in the router. In total there are six bugs. The bugs are quite serious; they receive scores between 7.5 and 9.8 on a severity scale from the National Vulnerability Database.
The vulnerabilities make it possible to retrieve a lot of information via the router. For example, it is possible to inject code and thus upload malware to a network, or to read data. These include cross-site request forgery and command injection. In addition, in some cases encryptions are not strong, and data is stored and sent somewhere in plain text.
Palo Alto Networks researchers discovered the leak in February and agreed the report with the router maker. It is striking that D-Link only fixes four of the six vulnerabilities. The bug that allows command injection, CVE-2020-13782, and sending information in plain text, CVE-2020-13787, will not be fixed. It is not known why D-Link does not fix those two specific leaks. Maybe that has to do with the phasing out of the routers. In the United States, the router is already end-of-life.
|CVE-2020-13786||Several pages in the web interface are vulnerable to cross-site request forgery. This allowed files containing malware to be uploaded.|
|CVE-2020-13785||The encryption to login to the portal was partly sent in plain text. It was possible to retrieve the password with a brute force attack.|
|CVE-2020-13784||The algorithm to calculate the session cookie was predictable.|
|CVE-2020-13783||The password for the router was stored in plain text in tools_admin.php.|
|CVE-2020-13787||The password for the guest network was encrypted with WEP|
|CVE-2020-13782||Code could be entered with admin rights when connecting to scandir.sgi|