D-Link Wi-Fi Signal Boosters Vulnerable to Remote Command Execution

A team of researchers from RedTeam has discovered serious vulnerabilities in the popular D-Link DAP-X1860 Wi-Fi signal booster. The identified vulnerability allows for both denial-of-service (DoS) attacks and remote command injection. The issue has been assigned the identifier CVE-2023-45208. According to the researchers, they were unable to notify D-Link's developers about the problem, as the company has remained unresponsive despite multiple attempts to report the bug. As a result, no patches have been released to date.

Details of the Vulnerability

The vulnerability in the D-Link DAP-X1860 is related to the network scanning function (parsing_xml_stasurvey in the libcgifunc.so library). Specifically, the device fails to properly parse SSIDs containing the ' (single quote) character, mistakenly interpreting it as the end of a command.

Due to insufficient sanitization of SSIDs, attackers can exploit this function with ease. An attacker within range of the device can set up a Wi-Fi network with a name familiar to the victim, but include a ' character in the SSID. For example: Olaf's Network.

When the device attempts to connect to such a network, it triggers a 500 Internal Server Error, causing the device to malfunction.

Remote Command Execution Risk

Even more concerning, an attacker can add a shell command to the SSID, separated by &&. For example: Test' && uname -a &&. When the device scans or connects to this network, it will execute the uname -a command.

Since all processes on the D-Link DAP-X1860, including those injected by attackers, run with root privileges, hackers could potentially explore other connected devices and further infiltrate the network.
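The following is an added example, not code from the article or from D-Link's firmware, showing the fragile pattern behind this class of bug (quoting an untrusted SSID into a shell command by string concatenation) next to two defensive alternatives: strict validation of scan results and proper argument quoting. The tool name site_survey is a placeholder, the sample SSIDs are constructed, and nothing here executes a command.

```python
import shlex

# Constructed sample scan results, modelled on the SSIDs described above.
SAMPLE_SCAN = [
    "HomeWiFi",
    "Olaf's Network",          # single quote: would close a '...' quoted argument early
    "Test' && uname -a &&",    # single quote plus &&: the injection pattern described
    "Caf\u00e9 Libre",         # non-ASCII is legal in an SSID and must not be rejected
]

# Characters that have no place in a string headed for a shell command line.
SHELL_META = set("'\"`$&|;<>(){}\\\n")

def naive_command(ssid: str) -> str:
    """The fragile pattern: wrap the untrusted SSID in single quotes by
    concatenation. A ' inside the SSID terminates the quoting, so anything
    after it is parsed by the shell as further commands."""
    return "site_survey '" + ssid + "'"

def safe_command(ssid: str) -> str:
    """shlex.quote escapes embedded single quotes, so the SSID stays one argument.
    Better still is to avoid a shell entirely (subprocess with a list of args)."""
    return "site_survey " + shlex.quote(ssid)

def ssid_risk(ssid: str) -> list:
    """Return reasons an SSID from a scan should be flagged before any further use.
    802.11 limits SSIDs to 32 bytes; metacharacters and && / || / ; chains are
    exactly what a command-injection attempt looks like."""
    reasons = []
    if not 0 < len(ssid.encode("utf-8")) <= 32:
        reasons.append("length")
    meta = sorted(SHELL_META & set(ssid))
    if meta:
        reasons.append("metachar:" + "".join(meta))
    if "&&" in ssid or "||" in ssid or ";" in ssid:
        reasons.append("command-chain")
    return reasons

def triage_scan(scan: list) -> dict:
    """Map each scanned SSID to its risk reasons; an empty list means it passed."""
    return {ssid: ssid_risk(ssid) for ssid in scan}

if __name__ == "__main__":
    for ssid, reasons in triage_scan(SAMPLE_SCAN).items():
        print(f"{ssid!r:26} naive={naive_command(ssid)!r:42} flags={reasons}")
```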

Attack Execution and Mitigation

Researchers note that to carry out this attack, the target device must first be forced to scan for networks. This can be achieved through deauthentication attacks. There are many readily available tools that can generate and send deauth packets to the signal booster, forcing it to disconnect from the main network and initiate a scan.

Because the researchers were unable to contact D-Link engineers, they warn that the DAP-X1860 remains vulnerable, and exploiting this flaw is not particularly difficult.

Recommendations for Device Owners

  • Limit the number of network scans performed by your device.
  • Be cautious of unexpected disconnections.
  • Turn off the device when it is not in use.
  • Place all IoT devices on a separate, isolated network, away from devices that store personal or work-related data.