A security researcher has disclosed details of a spate of vulnerabilities in routers made by D-Link and Comba, making it easy to see usernames and passwords.
A team of forensic experts has found as many as five security faults involving the unsafe storage of credentials. In some cases, passwords are stored in plain text and can be read by anyone with network or internet access to the routers in question.
In a blog post, SpiderLabs’ Karl Sigler says that the D-Link DSL-2875AL dual band wireless AC750 ADSL2+ modem is one of the impacted devices. “At least versions 1.00.01 & 1.00.05 are affected and likely others as well as he was unable to test all versions. That router model contains a password disclosure vulnerability in the file romfile.cfg. This file is available to anyone with access to the web-based management IP address and does not require any authentication. The path to the file is https://[router ip address]/romfile.cfg and the password is stored in clear text there”.
For the DSL-2875AL and also the DSL-2877AL, Kenin found that the source code of the router login page exposed the username and password linked to the internet connection.
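To make the two weaknesses described above concrete, here is an added example (constructed for this article; not D-Link firmware or Trustwave code) contrasting a hypothetical management-interface handler that serves the config file unauthenticated and embeds the WAN credential in the login page with a hardened version that requires a session, redacts secrets, and stores the admin password as a salted hash. The config layout and credential values are invented placeholders.

```python
import hashlib
import hmac
import os

# Constructed sample values; the real romfile.cfg layout is not shown in the article.
WAN_USER = "isp_account"
WAN_PASS = "Plaintext-Secret-123"   # the kind of secret the advisory says is exposed


def weak_handle(path, authenticated):
    """Weak pattern: config readable with no auth, WAN secret written into login page HTML."""
    if path == "/romfile.cfg":
        return 200, f"wan_user={WAN_USER}\nwan_pass={WAN_PASS}\n"   # no auth check at all
    if path == "/login.html":
        return 200, (f'<form><input name="u" value="{WAN_USER}">'
                     f'<input name="p" value="{WAN_PASS}"></form>')
    return 404, ""


def hardened_handle(path, authenticated):
    """Hardened: config needs an authenticated session and secrets never reach the response."""
    if path == "/romfile.cfg":
        if not authenticated:
            return 401, ""
        return 200, f"wan_user={WAN_USER}\nwan_pass=<redacted>\n"
    if path == "/login.html":
        # Login form carries no prefilled credentials; the browser supplies them.
        return 200, '<form><input name="u"><input name="p" type="password"></form>'
    return 404, ""


def hash_password(password, salt=None):
    """Salted PBKDF2 so the stored admin credential is not recoverable from the config file."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Constant-time comparison against the stored salted hash."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), 200_000)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def leaks_secret(body):
    """Check used by the assertions below: does a response body contain the WAN password?"""
    return WAN_PASS in body
```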
D-Link has issued updates for both devices, but only eight months after SpiderLabs warned the company about the flaws. Sigler writes:
“D-Link’s response to these findings was confusing and unfortunately very typical for organizations that are not set up to accept security problems from third party researchers like Trustwave SpiderLabs. After an initial response confirming receipt and escalation for these findings, they claimed they were unable to escalate the issue with their R&D group within the 90-day window outlined in our Responsible Disclosure policy. We provided them a rather lengthy extension to that window, but they eventually simply stopped responding entirely. However, days before releasing these advisories, D-Link provided information that the issues have been fixed.”
Owners of the affected Comba devices have been unlucky. SpiderLabs says: “there is not much in the way of mitigating the Comba Telcom findings. After reaching out multiple times, Comba Telcom was simply unresponsive”.