D-Link's popular Wi-Fi booster lets You Hack into all connected Devices

Carding 4 Carders

The vulnerability opens up root access to the device and a path across the entire network.

The D-Link DAP-X1860 Wi-Fi signal booster, which runs on WiFi 6 technology, is subject to a vulnerability that leads to Denial of Service (DoS) and remote command injection.

The German research team RedTeam, which discovered the vulnerability CVE-2023-45208, reported that D-Link ignored the specialists' repeated warnings about the flaw and that no fix was released.

The problem lies in the D-Link DAP-X1860 network scanning function, namely its failure to correctly parse SSIDs (Service Set Identifiers) that contain an apostrophe ( ' ) in the name, which it mistakenly interprets as the end of a command.

Technically, the problem comes from the "parsing_xml_stasurvey" function in the library "libcgifunc.so", which builds the system command to execute. Because the product does not sanitize the SSID, an attacker can easily abuse this function for malicious purposes.

A cybercriminal within range of the booster can create a Wi-Fi network, give it a name similar to the target's network name, and include an apostrophe in the name, for example "John's Network". When the device tries to connect to this SSID, it returns "Error 500: Internal Server Error" and stops working normally.

If an attacker adds a second section to the SSID containing a shell command separated by "&&", such as "Test' && uname -a &&", the booster will execute the "uname -a" command when configuring or scanning the network.
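As an added illustration of the defensive fix the report implies (this is not code from the article, from D-Link's firmware or from RedTeam's research): an SSID check that rejects shell metacharacters before a network name can reach a system command, plus the single-quote escaping to apply if a name must be handed to a shell anyway. The 32-octet limit is IEEE 802.11's; the function names are my own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_OCTETS 32  /* IEEE 802.11 maximum SSID length */

/* Allow only printable ASCII with no shell metacharacters.
 * An SSID that fails this check must never be concatenated into a
 * command string; the scan code should skip or log it instead. */
bool ssid_is_shell_safe(const char *ssid) {
    size_t len = strlen(ssid);
    if (len == 0 || len > SSID_MAX_OCTETS) return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)ssid[i];
        if (c < 0x20 || c > 0x7e) return false;          /* control or non-ASCII */
        if (strchr("'\"`$\\&|;<>()[]{}*?~!#", c)) return false;
    }
    return true;
}

/* Bounded append; fails instead of overflowing the output buffer. */
static bool append(char *out, size_t outsz, size_t *n, const char *s) {
    size_t l = strlen(s);
    if (*n + l >= outsz) return false;
    memcpy(out + *n, s, l);
    *n += l;
    return true;
}

/* Wrap a string in single quotes and turn every embedded ' into '\''
 * so the shell never sees a quote boundary inside the value.
 * Returns the number of bytes written, or -1 if out is too small. */
int shell_single_quote(const char *in, char *out, size_t outsz) {
    size_t n = 0;
    if (!append(out, outsz, &n, "'")) return -1;
    for (const char *p = in; *p; p++) {
        const char piece[2] = { *p, '\0' };
        if (!append(out, outsz, &n, *p == '\'' ? "'\\''" : piece)) return -1;
    }
    if (!append(out, outsz, &n, "'")) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char quoted[128];
    const char *name = "John's Network";            /* the article's example SSID */
    printf("safe to embed: %s\n", ssid_is_shell_safe(name) ? "yes" : "no");
    if (shell_single_quote(name, quoted, sizeof quoted) > 0) printf("quoted: %s\n", quoted);
    return 0;
}
```

Passing the SSID as a separate argv element to execv instead of through a shell avoids the problem entirely; the quoting routine is the fallback when the command line cannot be restructured.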

All processes on the amplifier, including any commands embedded by the hacker, are executed with root privileges, which allows the attacker to check other devices connected to the amplifier and move further on the network. The most difficult condition for an attack is to force a network scan on the target device, but this is possible by performing a deauthentication attack.

Several readily available programs can generate and send deauthentication packets to the booster, disconnecting it from the main network and forcing the target to perform a network scan.

RedTeam researchers discovered this flaw in May 2023 and reported it to D-Link, but despite multiple attempts to contact the vendor, no response was received. In other words, the D-Link DAP-X1860 is still vulnerable to attack, and the relatively simple attack mechanism makes the situation dangerous.

Owners of DAP-X1860 amplifiers are advised to limit manual network scanning, be suspicious of sudden disconnections, and turn off the amplifier when not in use. Experts also recommend considering placing IoT devices and amplifiers on a separate network, isolated from sensitive devices that store personal or work data.