SourceSec writes in their blog about vulnerabilities in D-Link routers' HNAP (Home Network Administration Protocol) implementations. "While HNAP does require basic authentication, the mere existence of HNAP on D-Link routers allows attackers and malware to bypass CAPTCHA “security”. Further, HNAP authentication is not properly implemented, allowing anyone to view and edit administrative settings on the router."
SourceSec has verified that vulnerabilities exist in the HNAP implementations of the DI-524, DIR-628 and DIR-655 routers. They also suspect that in worst case all D-Link routers since 2006 could be affected.
Full writeup can be read here.
Monday, January 18, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment