D-Link DNR-322L / D-Link DNR-326 Multiple Vulnerabilities
Where: From local network
Impact: Security Bypass
Description
A security issue and a vulnerability have been reported in D-Link DNR-322L and D-Link DNR-326, which can be exploited by malicious people to bypass certain security restrictions.
1) The device does not properly verify user authentication, which can be exploited to bypass the intended authentication mechanism and e.g. change administrative credentials.
2) The device does not properly restrict access to certain commands related to /cgi-bin/cgi_main, /cgi-bin/system_mgr.cgi, and /cgi-bin/account_mgr.cgi, which can be exploited to access otherwise restricted functionality and subsequently e.g. disclose credentials, change administrative passwords, add users, cause a shutdown or restart of the device, upload arbitrary firmware, and restore to factory settings.
The security issue and the vulnerability are reported in the following firmware versions:
* D-Link DNR-322L firmware versions prior to 2.00b07.
* D-Link DNR-326 firmware versions prior to 2.10b02.
Solution:
Update the DNR-322L to firmware version 2.00b07 and the DNR-326 to firmware version 2.10b02.
http://secunia.com/advisories/60664/
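To check a device inventory against the fixed firmware versions listed above, the following added example (not part of the original advisory or any D-Link tooling) compares each recorded version with the fixed release for its model. It assumes firmware strings follow the `<major>.<minor>b<build>` layout seen in the advisory; the host names and inventory rows are constructed sample data.

```python
import re

# Fixed firmware versions, taken from the advisory text.
FIXED = {"DNR-322L": "2.00b07", "DNR-326": "2.10b02"}

# Assumed layout: <major>.<minor>b<build>, e.g. "2.00b07" (optional leading "v").
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)b(\d+)\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, build) as ints, or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(model, version):
    """Return 'affected', 'fixed', or 'unknown' for one inventory row."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "unknown"  # model is not covered by this advisory
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"  # do not guess; flag the row for manual review
    return "affected" if current < parse_version(fixed) else "fixed"


def audit(inventory):
    """Map each host name to its status."""
    return {host: classify(model, ver) for host, model, ver in inventory}


# Constructed sample inventory (hypothetical hosts, not real devices).
INVENTORY = [
    ("nvr-lobby", "DNR-322L", "1.40b03"),
    ("nvr-dock", "DNR-322L", "2.00b07"),
    ("nvr-lab", "dnr-326", "2.00b12"),
    ("nvr-roof", "DNR-326", "2.10b02"),
    ("nvr-old", "DNR-326", "beta"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

Rows reported as `unknown` have a model or version string the script cannot interpret and need manual review rather than being assumed safe.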