TCP 8832

Overview:
TCP ports 4444, 8099, 8456, 8832 and 9393 are open in D-Link DIR-615 Wireless N 300 router. The above mentioned ports could be used for a remote connection by HTTP or Telnet protocols.

Description:
TCP ports 4444, 8099, 8456, 8832 and 9393 are open in D-Link DIR-615 Wireless N 300 router.

TCP 4444: A remote connection attempt to this port returns the following reply from the device that appears to be in XML format:

−<soap:Envelope soap:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”>

−<soap:Body>

−<soap:Fault>

<faultcode>s:Client</faultcode>

<faultstring>UPnPError</faultstring>

−<detail>

−<UPnPError>

<errorCode>500</errorCode>

<errorDescription>Invalid Action</errorDescription>

</UPnPError>

</detail>

</soap:Fault>

</soap:Body>

</soap:Envelope>

This port has been registered with IANA for krb524.

TCP 8099: A remote connection attempt to this port returns the following reply from the device that appears to be in XML format and contain the device setting:

−<soap:Envelope soap:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”>

−<soap:Body>

−<GetDeviceSettingsResponse>

<GetDeviceSettingsResult>OK</GetDeviceSettingsResult>

<Type>GatewayWithWiFi</Type>

<DeviceName>D-Link Systems DIR-615</DeviceName>

<VendorName>D-Link Systems</VendorName>

<ModelDescription>Wireless N Router</ModelDescription>

<ModelName>DIR-615 B2</ModelName>

<FirmwareVersion>2.25, 2008/05/16</FirmwareVersion>

<PresentationURL>/Status/Device_Info.shtml</PresentationURL>

−<SOAPActions>

<string>http://purenetworks.com/HNAP1/GetDeviceSettings</string>

<string>http://purenetworks.com/HNAP1/SetDeviceSettings</string>

<string>http://purenetworks.com/HNAP1/GetWanSettings</string>

<string>http://purenetworks.com/HNAP1/SetWanSettings</string>

<string>http://purenetworks.com/HNAP1/GetWanStatus</string>

−<string>

http://purenetworks.com/HNAP1/RestoreFactoryDefaults

</string>

<string>http://purenetworks.com/HNAP1/IsDeviceReady</string>

<string>http://purenetworks.com/HNAP1/Reboot</string>

<string>http://purenetworks.com/HNAP1/AddPortMapping</string>

<string>http://purenetworks.com/HNAP1/DeletePortMapping</string>

<string>http://purenetworks.com/HNAP1/GetPortMappings</string>

<string>http://purenetworks.com/HNAP1/GetMACFilters2</string>

<string>http://purenetworks.com/HNAP1/SetMACFilters2</string>

<string>http://purenetworks.com/HNAP1/GetRouterLanSettings</string>

<string>http://purenetworks.com/HNAP1/SetRouterLanSettings</string>

<string>http://purenetworks.com/HNAP1/GetConnectedDevices</string>

<string>http://purenetworks.com/HNAP1/GetNetworkStats</string>

<string>http://purenetworks.com/HNAP1/GetWLanSettings24</string>

<string>http://purenetworks.com/HNAP1/SetWLanSettings24</string>

<string>http://purenetworks.com/HNAP1/GetWLanSecurity</string>

<string>http://purenetworks.com/HNAP1/SetWLanSecurity</string>

</SOAPActions>

<SubDeviceURLs/>

−<Tasks>

−<TaskExtension>

<Name>Wireless Settings</Name>

<URL>/Basic/Wireless.shtml</URL>

<Type>Browser</Type>

</TaskExtension>

−<TaskExtension>

<Name>Block Network Access</Name>

<URL>/Advanced/MAC_Address_Filter.shtml</URL>

<Type>Browser</Type>

</TaskExtension>

−<TaskExtension>

<Name>Parental Controls</Name>

<URL>/Advanced/Access_Control.shtml</URL>

<Type>Browser</Type>

</TaskExtension>

−<TaskExtension>

<Name>D-Link Tech Support</Name>

−<URL>

http://support.dlink.com/products/view.asp?productid=DIR%2D635

</URL>

<Type>Browser</Type>

</TaskExtension>

−<TaskExtension>

<Name>Reboot Router</Name>

<URL>/Tools/System.shtml</URL>

<Type>Silent</Type>

</TaskExtension>

</Tasks>

</GetDeviceSettingsResponse>

</soap:Body>

</soap:Envelope>

This port has not been registered with IANA.

TCP 8456: A remote connection attempt with telnet to this port returns the following error after a successful connection:

HTTP/1.1 501 Internal Server Error

SERVER: ipOS/7.4 UPnP/1.0 ipGENADevice/1.0

HTTP/1.1 500 Server Error

This port has not been registered with IANA.

TCP 8832: A remote connection attempt by telnet to this port returns the following error after a successful connection:

HTTP/1.1 500 Server Error

This port has not been registered with IANA.

TCP 9393: A remote connection attempt by telnet to this port returns the following error after a successful connection:

HTTP/1.1 501 Internal Server Error

SERVER: ipOS/7.4 UPnP/1.0 ipGENADevice/1.0

HTTP/1.1 500 Server Error

This port has not been registered with IANA

Impact:
The above mentioned ports provide remote access to the attacker and reveal technical information about the device and its configurations. Further, ports 8456, 8832 and 9393 could be used for a denial of service attack

Solution:
I am currently unaware of a solution to this problem.

Vendor Information:
http://www.dlink.com/products/?pid=565

Product Details:
D-Link Wireless access point
Product Page DIR-615
Hardware Version :B2
Firmware Version: 2.25

CERT(R) Coordination Center Tracking Code: VU#944927 Date: 01/10/2010