Vulnerabilities in some D-Link and Comba routers reveal credentials in format of plain text

Trustwave specialists discovered a number of vulnerabilities in D-Link and Comba Telecom routers. Bugs allow extracting data from Internet providers and access passwords from devices without authentication.

After examining the D-Link DSL-2875AL router, the researchers found out that it is affected by the same problem that other devices of the manufacturer are vulnerable to: they give access to all router settings by requesting the romfile.cfg file. Authentication is not required for this, and the Wi-Fi password is stored in text format.

“After a valid login of the administrator the web panel does not distinguish valid HTTP requests from the admin and the ones that come from other users. This way, an attacker can script an automatic routine that perform unwanted actions such as arbitrary modifications to router and SSIDs passwords and configurations”, — reported Trustwave researchers.

Additionally, the D-Link DSL-2875AL and DSL-2877AL models were vulnerable to the problem of data disclosure. The fact is that just by studying the HTML code of the login page, you can find two lines that correspond to the credentials of the Internet provider.

D-Link was informed about these bugs back in January of this year, and this month the manufacturer prepared patches for the DSL-2875AL and DSL-2877AL models.

However, problems with remote access and password disclosure were also found in the products of the manufacturer Comba Telecom: vulnerabilities were found in Wi-Fi controllers AC2400, as well as access points AP2600-I-A02 and AP2600. It is important to note that these products are not intended for home users, but for cases when it is necessary to expand the Wi-Fi coverage area and serve a large number of users.

The disclosure of confidential data in these cases is also possible without authentication: by sending a special request and downloading the configuration file, as well as viewing the source HTML code of the administration console. Depending on the vulnerability used, attackers may need to crack passwords in MD5, but not it does not present significant problem.

Read also: Free Windows Rat Trojan NanoCore May Cause Outbreak

Unlike D-Link, Comba Telecom representatives did not respond to requests from Trustwave experts, although researchers tried to contact the company since February 2019. Currently, there are still no patches for problematic devices.