Critical Security Flaws on D-Link DIR-3040 Routers

Overview

Critical security flaws, including hard-coded password, command injection and information disclosure, have been discovered on D-Link DIR-3040 wireless routers.

Description

Cisco Talos security research has discovered multiple vulnerabilities on D-Link DIR-3040 Wireless Routers running firmware v1.13B03 and below. The identified vulnerabilities could allow an attacker to remotely execute arbitrary code, execute root level commands, leak syslog and router management information and cause Denial of Service (DoS).

The first and most critical of these vulnerabilities (CVE-2021-21820) is a hard-coded password flaw that exists in the Libcli Test Environment functionality of the D-Link DIR-3040 v1.13B03 router. This vulnerability could be exploited remotely, allowing attackers to bypass authentication and execute arbitrary code or cause DoS issues.

The second flaw (CVE 2021-21818) is another hard-coded password flaw that exists in the Zebra IP Routing Manager functionality of the D-Link DIR-3040 v1.13B03 router. This vulnerability could be exploited remotely as well, however, it can only lead to DoS issues.

Another critical flaw (CVE-2021-21819) is a command injection vulnerability that exists in the Libcli Test Environment functionality of the D-Link DIR-3040 v1.13B03 router. This vulnerability could allow an attacker to remotely execute arbitrary commands at the root level via sending specially crafted network requests.

Lastly, CVE-2021-21816 and CVE-2021-21817 are two information disclosure vulnerabilities. CVE-2021-21817 exists in the Zebra Routing Manager functionality and leads to a high level information disclosure impact while CVE-2021-21816 resides in the Syslog functionality and causes a low level information disclosure impact.

Impact

An unauthenticated attacker who successfully exploits the CVE-2021-21820 can bypass authentication and as a result, execute arbitrary codes remotely or conduct Denial of Service (DoS) attacks via specially crafted network requests.

An unauthenticated attacker who successfully exploits the CVE 2021-21818 can conduct DoS attacks on the router remotely via sending a sequence of specially crafted network requests.

An unauthenticated attacker who successfully exploits the CVE 2021-21819 can conduct root level command injection attacks remotely via specially crafted network requests.

An unauthenticated attacker who successfully exploits the CVE 2021-21817 can sensitive information (router management information) remotely via specially crafted network requests.

An unauthenticated attacker who successfully exploits the CVE 2021-21816 can leak sensitive information (syslog) remotely via specially crafted network requests.

Solution (Hotfix)

D-Link has issued a hotfix to address address the vulnerabilities described. Users are advised to download and apply the hotfix as soon as possible in accordance with the D-Link security advisory.

The Internet of Things (IoT) devoid of comprehensive security management is tantamount to the Internet of Threats.

Stephane Nappo

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

• https://nvd.nist.gov (CVE-2021-21816)
• https://nvd.nist.gov (CVE-2021-21817)
• https://nvd.nist.gov (CVE-2021-21818)
• https://nvd.nist.gov (CVE-2021-21819)
• https://nvd.nist.gov (CVE-2021-21820)
• D-Link Security Advisory (DIR-3040 Hotfix)
• Cisco Talos Security Intelligence (D-Link DIR-3040)

You can also read our article How to Secure Your Home WiFi Router in 15 Simple Steps? to learn more about WiFi router security.