----------------------------------------------------------------------

TITLE:
D-Link Routers DIR-628 / DIR-655 HNAP Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA38092

VERIFY ADVISORY:
http://secunia.com/advisories/38092/

DESCRIPTION:
A vulnerability has been reported in the D-Link routers DIR-628 and
DIR-655, which can be exploited by malicious people to bypass certain
security restrictions.

The vulnerability is caused due to the HNAP (Home Network
Administration Protocol) implementation not verifying that the method
specified in the "SOAPAction" header matches the action specified in
the request's SOAP body. This can be exploited to perform restricted
actions by e.g. specifying the "GetDeviceSettings" method in the
header but including a "SetDeviceSettings" instruction in the body.

The vulnerability is reported in DIR-628 hardware version B2 with
firmware versions 1.20NA and 1.22NA and DIR-655 hardware version A1
with firmware version 1.30EA. Other models and firmware versions may
also be affected.

SOLUTION:
Filter malicious requests using a firewall.

PROVIDED AND/OR DISCOVERED BY:
SourceSec DevTeam

ORIGINAL ADVISORY:
http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
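As an added example (not code from the Secunia or SourceSec advisory, nor from D-Link firmware), the consistency check that the description says is missing: a filtering proxy or request handler should reject any HNAP request whose "SOAPAction" header names a different method than the single operation element in the SOAP body. It assumes the HNAP1 namespace URI http://purenetworks.com/HNAP1/ in both header and body; the sample envelopes are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed HNAP1 namespace; the advisory itself does not quote it.
HNAP_NS = "http://purenetworks.com/HNAP1/"
SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"

def action_from_header(soapaction):
    """Method named by the SOAPAction header, or None if absent/malformed."""
    if soapaction is None:
        return None
    value = soapaction.strip().strip('"')
    if not value.startswith(HNAP_NS):
        return None
    method = value[len(HNAP_NS):]
    return method if re.fullmatch(r"[A-Za-z0-9_]+", method) else None

def action_from_body(xml_bytes):
    """Method named by the single operation element in the SOAP Body."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return None
    body = root.find(f"{{{SOAP_ENV_NS}}}Body")
    if body is None:
        return None
    ops = list(body)
    if len(ops) != 1:          # zero or several operations: reject
        return None
    prefix = "{" + HNAP_NS + "}"
    tag = ops[0].tag
    return tag[len(prefix):] if tag.startswith(prefix) else None

def hnap_request_is_consistent(soapaction, xml_bytes):
    """True only when header and body name the same HNAP method.

    A handler that authorises on the header alone lets a body carrying
    SetDeviceSettings through under a GetDeviceSettings header; this
    check closes that gap by requiring both to agree.
    """
    header_method = action_from_header(soapaction)
    body_method = action_from_body(xml_bytes)
    return (header_method is not None and body_method is not None
            and header_method == body_method)

def envelope(method, inner=""):
    """Constructed sample HNAP request body for testing the check."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_ENV_NS}"><soap:Body>'
            f'<{method} xmlns="{HNAP_NS}">{inner}</{method}>'
            f'</soap:Body></soap:Envelope>').encode()
```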