Overview:
TCP ports 4444, 8099, 8456, 8832 and 9393 are open in D-Link DIR-615 Wireless N 300 router. The above mentioned ports could be used for a remote connection by HTTP or Telnet protocols.
Description:
TCP ports 4444, 8099, 8456, 8832 and 9393 are open in D-Link DIR-615 Wireless N 300 router.
TCP 4444: A remote connection attempt to this port returns the following reply from the device that appears to be in XML format:
−<soap:Envelope soap:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”> −<soap:Body> −<soap:Fault> <faultcode>s:Client</faultcode> <faultstring>UPnPError</faultstring> −<detail> −<UPnPError> <errorCode>500</errorCode> <errorDescription>Invalid Action</errorDescription> </UPnPError> </detail> </soap:Fault> </soap:Body> </soap:Envelope>
This port has been registered with IANA for krb524.
TCP 8099: A remote connection attempt to this port returns the following reply from the device that appears to be in XML format and contain the device setting:
−<soap:Envelope soap:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”> −<soap:Body> −<GetDeviceSettingsResponse> <GetDeviceSettingsResult>OK</GetDeviceSettingsResult> <Type>GatewayWithWiFi</Type> <DeviceName>D-Link Systems DIR-615</DeviceName> <VendorName>D-Link Systems</VendorName> <ModelDescription>Wireless N Router</ModelDescription> <ModelName>DIR-615 B2</ModelName> <FirmwareVersion>2.25, 2008/05/16</FirmwareVersion> <PresentationURL>/Status/Device_Info.shtml</PresentationURL> −<SOAPActions> <string>http://purenetworks.com/HNAP1/GetDeviceSettings</string> <string>http://purenetworks.com/HNAP1/SetDeviceSettings</string> <string>http://purenetworks.com/HNAP1/GetWanSettings</string> <string>http://purenetworks.com/HNAP1/SetWanSettings</string> <string>http://purenetworks.com/HNAP1/GetWanStatus</string> −<string> http://purenetworks.com/HNAP1/RestoreFactoryDefaults </string> <string>http://purenetworks.com/HNAP1/IsDeviceReady</string> <string>http://purenetworks.com/HNAP1/Reboot</string> <string>http://purenetworks.com/HNAP1/AddPortMapping</string> <string>http://purenetworks.com/HNAP1/DeletePortMapping</string> <string>http://purenetworks.com/HNAP1/GetPortMappings</string> <string>http://purenetworks.com/HNAP1/GetMACFilters2</string> <string>http://purenetworks.com/HNAP1/SetMACFilters2</string> <string>http://purenetworks.com/HNAP1/GetRouterLanSettings</string> <string>http://purenetworks.com/HNAP1/SetRouterLanSettings</string> <string>http://purenetworks.com/HNAP1/GetConnectedDevices</string> <string>http://purenetworks.com/HNAP1/GetNetworkStats</string> <string>http://purenetworks.com/HNAP1/GetWLanSettings24</string> <string>http://purenetworks.com/HNAP1/SetWLanSettings24</string> <string>http://purenetworks.com/HNAP1/GetWLanSecurity</string> <string>http://purenetworks.com/HNAP1/SetWLanSecurity</string> </SOAPActions> <SubDeviceURLs/> −<Tasks> −<TaskExtension> <Name>Wireless Settings</Name> <URL>/Basic/Wireless.shtml</URL> <Type>Browser</Type> </TaskExtension> −<TaskExtension> <Name>Block Network Access</Name> <URL>/Advanced/MAC_Address_Filter.shtml</URL> <Type>Browser</Type> </TaskExtension> −<TaskExtension> <Name>Parental Controls</Name> <URL>/Advanced/Access_Control.shtml</URL> <Type>Browser</Type> </TaskExtension> −<TaskExtension> <Name>D-Link Tech Support</Name> −<URL> http://support.dlink.com/products/view.asp?productid=DIR%2D635 </URL> <Type>Browser</Type> </TaskExtension> −<TaskExtension> <Name>Reboot Router</Name> <URL>/Tools/System.shtml</URL> <Type>Silent</Type> </TaskExtension> </Tasks> </GetDeviceSettingsResponse> </soap:Body> </soap:Envelope>
This port has not been registered with IANA.
TCP 8456: A remote connection attempt with telnet to this port returns the following error after a successful connection:
HTTP/1.1 501 Internal Server Error SERVER: ipOS/7.4 UPnP/1.0 ipGENADevice/1.0 HTTP/1.1 500 Server Error
This port has not been registered with IANA.
TCP 8832: A remote connection attempt by telnet to this port returns the following error after a successful connection:
HTTP/1.1 500 Server Error
This port has not been registered with IANA.
TCP 9393: A remote connection attempt by telnet to this port returns the following error after a successful connection:
HTTP/1.1 501 Internal Server Error SERVER: ipOS/7.4 UPnP/1.0 ipGENADevice/1.0 HTTP/1.1 500 Server Error
This port has not been registered with IANA
Impact:
The above mentioned ports provide remote access to the attacker and reveal technical information about the device and its configurations. Further, ports 8456, 8832 and 9393 could be used for a denial of service attack
Solution:
I am currently unaware of a solution to this problem.
Vendor Information:
http://www.dlink.com/products/?pid=565
Product Details:
D-Link Wireless access point
Product Page DIR-615
Hardware Version :B2
Firmware Version: 2.25
CERT(R) Coordination Center Tracking Code: VU#944927 Date: 01/10/2010