Secunia Security Advisory - A vulnerability has been reported in the D-Link routers DIR-628 and DIR-655, which can be exploited by malicious people to bypass certain security restrictions.
e3b2d89822796a6743d23c8383b6dfacdcf04e0bdc2b6f5788aaf48e4bb5dd18
----------------------------------------------------------------------
Accurate Vulnerability Scanning
No more false positives, no more false negatives
http://secunia.com/vulnerability_scanning/
----------------------------------------------------------------------
TITLE:
D-Link Routers DIR-628 / DIR-655 HNAP Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA38092
VERIFY ADVISORY:
http://secunia.com/advisories/38092/
DESCRIPTION:
A vulnerability has been reported in the D-Link routers DIR-628 and
DIR-655, which can be exploited by malicious people to bypass certain
security restrictions.
The vulnerability is caused due to the HNAP (Home Network
Administration Protocol) implementation not verifying if the method
specified in the "SOAPAction" header matches the actions specified in
the request's SOAP body. This can be exploited to perform restricted
actions by e.g. specifying the "GetDeviceSettings" method in the
header but including a "SetDeviceSettings" instruction in the body.
The vulnerability is reported in DIR-628 hardware version B2 with
firmware versions 1.20NA and 1.22NA and DIR-655 hardware version A1
with firmware version 1.30EA. Other models and firmware versions may
also be affected.
SOLUTION:
Filter malicious requests using a firewall.
PROVIDED AND/OR DISCOVERED BY:
SourceSec DevTeam
ORIGINAL ADVISORY:
http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------