SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Mon, 01 Jan 2018 10:41:38 +0000

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09.

D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”.
The vulnerabilities found are:

  • Default Credentials
  • Remote Command Execution

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Bezeq was informed of the vulnerabilities on June 9 and released patches to address them.

Vulnerabilities details
The device has a custom firmware with the following issues:

  1. The Remote Web Management is enabled by default
  2. The default account cannot be disabled

Default Credentials
The default account username is:
support

The password is:
support

Remote Command Execution
The shell interface allows only a restricted set of commands; however, further commands can be chained onto an allowed one using ‘&&’ or ‘||’.

Sending the command to the shell:

Will result in a BusyBox shell
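The root cause described above is a filter that checks only the leading word of a command line and then hands the whole line to a shell, where ‘&&’ and ‘||’ act as command separators. The following added example (not D-Link or Bezeq firmware code; the allow-list of commands and the argument pattern are hypothetical) contrasts that naive check with a validator that rejects shell metacharacters and executes via an argv list with no shell involved:

```python
"""Allow-list command dispatcher for a restricted management shell.

Added example, not firmware code: shows why matching only the first word
of a command line is insufficient when the line is later passed to a shell,
and how to validate and execute the command without invoking a shell.
"""
import re
import shlex
import subprocess

# Hypothetical allow-list of diagnostic commands; a real device differs.
ALLOWED = {"ping", "traceroute", "ifconfig"}

# Characters a shell uses to chain or substitute commands: & | ; ` $ ( ) < > newlines.
# Both '&&' and '||' are caught by the single-character classes here.
METACHARS = re.compile(r"[;&|`$()<>\n\r]")


def naive_check(line: str) -> bool:
    """Flawed filter: accepts the line if its first word is allowed.
    Chained input such as 'ping host && other' passes this check."""
    first = line.strip().split(" ", 1)[0]
    return first in ALLOWED


def strict_parse(line: str) -> list:
    """Reject shell metacharacters, tokenize, and allow-list the command.
    Returns an argv list for exec without a shell; raises ValueError otherwise."""
    if METACHARS.search(line):
        raise ValueError("shell metacharacter in command line")
    argv = shlex.split(line)
    if not argv or argv[0] not in ALLOWED:
        raise ValueError("command not in allow-list")
    # Each argument must be a plain host/interface token: no options, no spaces.
    for arg in argv[1:]:
        if arg.startswith("-") or not re.fullmatch(r"[A-Za-z0-9._:-]+", arg):
            raise ValueError(f"bad argument: {arg!r}")
    return argv


def run_restricted(line: str) -> subprocess.CompletedProcess:
    """Execute via argv with shell=False: the kernel receives one program and
    its arguments, so '&&' could only ever be a literal argument, never a separator."""
    argv = strict_parse(line)
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    # Constructed sample inputs; 192.0.2.1 is a documentation address.
    for sample in ("ping 192.0.2.1", "ping 192.0.2.1 && id"):
        try:
            print(sample, "->", strict_parse(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```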
