• Skip to content
  • Skip to primary sidebar

Information Security Expert Blog

Dr. Ali Jahangiri

TCP 8832

D-link DIR-615 Open Ports Vulnerability

October 31, 2010 By Ali Jahangiri

Overview:
TCP ports 4444, 8099, 8456, 8832 and 9393 are open in D-Link DIR-615 Wireless N 300 router. The above mentioned ports could be used for a remote connection by HTTP or Telnet protocols.

Description:
TCP ports 4444, 8099, 8456, 8832 and 9393 are open in D-Link DIR-615 Wireless N 300 router.

TCP 4444: A remote connection attempt to this port returns the following reply from the device that appears to be in XML format:

−<soap:Envelope soap:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”>
−<soap:Body>
−<soap:Fault>
<faultcode>s:Client</faultcode>
<faultstring>UPnPError</faultstring>
−<detail>
−<UPnPError>
<errorCode>500</errorCode>
<errorDescription>Invalid Action</errorDescription>
</UPnPError>
</detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>

This port has been registered with IANA for krb524.

TCP 8099: A remote connection attempt to this port returns the following reply from the device that appears to be in XML format and contain the device setting:

−<soap:Envelope soap:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”>
−<soap:Body>
−<GetDeviceSettingsResponse>
<GetDeviceSettingsResult>OK</GetDeviceSettingsResult>
<Type>GatewayWithWiFi</Type>
<DeviceName>D-Link Systems DIR-615</DeviceName>
<VendorName>D-Link Systems</VendorName>
<ModelDescription>Wireless N Router</ModelDescription>
<ModelName>DIR-615 B2</ModelName>
<FirmwareVersion>2.25, 2008/05/16</FirmwareVersion>
<PresentationURL>/Status/Device_Info.shtml</PresentationURL>
−<SOAPActions>
<string>http://purenetworks.com/HNAP1/GetDeviceSettings</string>
<string>http://purenetworks.com/HNAP1/SetDeviceSettings</string>
<string>http://purenetworks.com/HNAP1/GetWanSettings</string>
<string>http://purenetworks.com/HNAP1/SetWanSettings</string>
<string>http://purenetworks.com/HNAP1/GetWanStatus</string>
−<string>
http://purenetworks.com/HNAP1/RestoreFactoryDefaults
</string>
<string>http://purenetworks.com/HNAP1/IsDeviceReady</string>
<string>http://purenetworks.com/HNAP1/Reboot</string>
<string>http://purenetworks.com/HNAP1/AddPortMapping</string>
<string>http://purenetworks.com/HNAP1/DeletePortMapping</string>
<string>http://purenetworks.com/HNAP1/GetPortMappings</string>
<string>http://purenetworks.com/HNAP1/GetMACFilters2</string>
<string>http://purenetworks.com/HNAP1/SetMACFilters2</string>
<string>http://purenetworks.com/HNAP1/GetRouterLanSettings</string>
<string>http://purenetworks.com/HNAP1/SetRouterLanSettings</string>
<string>http://purenetworks.com/HNAP1/GetConnectedDevices</string>
<string>http://purenetworks.com/HNAP1/GetNetworkStats</string>
<string>http://purenetworks.com/HNAP1/GetWLanSettings24</string>
<string>http://purenetworks.com/HNAP1/SetWLanSettings24</string>
<string>http://purenetworks.com/HNAP1/GetWLanSecurity</string>
<string>http://purenetworks.com/HNAP1/SetWLanSecurity</string>
</SOAPActions>
<SubDeviceURLs/>
−<Tasks>
−<TaskExtension>
<Name>Wireless Settings</Name>
<URL>/Basic/Wireless.shtml</URL>
<Type>Browser</Type>
</TaskExtension>
−<TaskExtension>
<Name>Block Network Access</Name>
<URL>/Advanced/MAC_Address_Filter.shtml</URL>
<Type>Browser</Type>
</TaskExtension>
−<TaskExtension>
<Name>Parental Controls</Name>
<URL>/Advanced/Access_Control.shtml</URL>
<Type>Browser</Type>
</TaskExtension>
−<TaskExtension>
<Name>D-Link Tech Support</Name>
−<URL>
http://support.dlink.com/products/view.asp?productid=DIR%2D635
</URL>
<Type>Browser</Type>
</TaskExtension>
−<TaskExtension>
<Name>Reboot Router</Name>
<URL>/Tools/System.shtml</URL>
<Type>Silent</Type>
</TaskExtension>
</Tasks>
</GetDeviceSettingsResponse>
</soap:Body>
</soap:Envelope>

This port has not been registered with IANA.

TCP 8456: A remote connection attempt with telnet to this port returns the following error after a successful connection:

HTTP/1.1 501 Internal Server Error
SERVER: ipOS/7.4 UPnP/1.0 ipGENADevice/1.0
HTTP/1.1 500 Server Error

This port has not been registered with IANA.

TCP 8832: A remote connection attempt by telnet to this port returns the following error after a successful connection:

HTTP/1.1 500 Server Error

This port has not been registered with IANA.

TCP 9393: A remote connection attempt by telnet to this port returns the following error after a successful connection:

HTTP/1.1 501 Internal Server Error
SERVER: ipOS/7.4 UPnP/1.0 ipGENADevice/1.0
HTTP/1.1 500 Server Error

This port has not been registered with IANA

Impact:
The above mentioned ports provide remote access to the attacker and reveal technical information about the device and its configurations. Further, ports 8456, 8832 and 9393 could be used for a denial of service attack

Solution:
I am currently unaware of a solution to this problem.

Vendor Information:
http://www.dlink.com/products/?pid=565

Product Details:
D-Link Wireless access point
Product Page DIR-615
Hardware Version :B2
Firmware Version: 2.25

CERT(R) Coordination Center Tracking Code: VU#944927 Date: 01/10/2010

Filed Under: D-Link, Vulnerability Tagged With: D-Link, DIR-, router, TCP 4444, TCP 8099, TCP 8456, TCP 8832, TCP 9393, Wireless N 300

Primary Sidebar

Recent Posts

  • Simple PHP Shell Script
  • MasterCard Australia: Untrusted SSL Certificate
  • How to Test Snort with Penetration Testing Tools
  • WordPress NextGEN Gallery Plugin; Directory Browsing Vulnerability
  • Koobface Gangs Investigative Report

Archives

Categories

Links

  • My Facebook Page
  • My Website
  • Privacy

RSS From LiveHacking.com

  • Nmap 7 Released!
  • Apple fixes security vulnerabilities in Safari, OS X, iOS and Apple TV
  • The OpenSSL project releases new versions of its software to squash 12 security vulnerabilities
  • FREAK vulnerability weakens secure Web sites
  • WP-Slimstat vulnerability exposes WordPress websites to SQL injection attacks
  • Google backpedals on its arbitrary vulnerability disclosure policy
  • Cross Site Scripting vulnerability found in IE 11
  • Apple updates iOS, OS X and Apple TV in monster patch release
  • Google discloses three more zero-day vulnerabilities, this time for OS X
  • Microsoft to fix Windows vulnerability that Google publicly disclosed last week

. Copyright 2007 - 2013 Information Security Expert Blog . All Rights Reserved .