The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection.
The product is currently listed as available on D-Link’s website and has hundreds of reviews on Amazon, so it is a popular choice among consumers.
A team of German researchers (RedTeam) who discovered the vulnerability, tracked as CVE-2023-45208, report that despite their attempts to alert D-Link multiple times, the vendor has remained silent, and no fixes have been released.
The problem lies in the network scanning functionality of the D-Link DAP-X1860, specifically its inability to parse SSIDs containing a single tick (’) in the name, which it misinterprets as a command terminator.
Technically, the problem originates from the ‘parsing_xml_stasurvey’ function in the libcgifunc.so library, which contains a system command for execution.
However, given the product’s lack of SSID sanitization, an attacker can easily abuse this feature for malicious purposes.
An attacker within the extender’s range can set up a WiFi network and deceptively name it similar to something the target is familiar with but include a tick in the name, like ‘Olaf’s Network,’ for example.
When the device attempts to connect to that SSID, it will produce an “Error 500: Internal Server Error”, failing to operate normally.
If the attacker adds a second section to the SSID that contains a shell command separated by “&&” like “Test’ && uname -a &&”, the extender will be tricked into executing the ‘uname -a’ command upon setup/network scan.
All processes on the extender, including any commands injected by external threat actors, are run with root privileges, potentially allowing the attackers to probe other devices connected to the extender and further their network infiltration.
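The quoting failure described above and one way to close it, as an added example that is not D-Link's code or the researchers' code. The `scan_helper --ssid` command template and all function names are hypothetical; the SSID strings are the ones quoted in the article.

```c
#include <stdio.h>
#include <string.h>

/* "scan_helper --ssid" is a hypothetical command template; the firmware's
 * real command line is not shown in the article. */

/* Flawed pattern: SSID pasted between single quotes without escaping. */
int build_cmd_unsafe(char *out, size_t n, const char *ssid) {
    int r = snprintf(out, n, "scan_helper --ssid '%s'", ssid);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

/* POSIX sh quoting: wrap in single quotes and write every embedded ' as
 * '\'' (close, escaped quote, reopen). Returns -1 if out is too small. */
int sh_quote(char *out, size_t n, const char *in) {
    size_t o = 0;
    if (n < 3) return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > n) return -1;   /* keep room for closing ' and NUL */
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Hardened pattern: enforce the 32-byte SSID limit, then quote. Passing the
 * SSID as an argv element to execv() and skipping the shell is better still. */
int build_cmd_safe(char *out, size_t n, const char *ssid) {
    char q[4 * 32 + 3];   /* worst case: 32 quotes, plus wrapper and NUL */
    if (strlen(ssid) > 32 || sh_quote(q, sizeof q, ssid) != 0) return -1;
    int r = snprintf(out, n, "scan_helper --ssid %s", q);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

int main(void) {
    const char *ssid = "Test' && uname -a &&";   /* SSID quoted in the article */
    char cmd[256];
    if (build_cmd_unsafe(cmd, sizeof cmd, ssid) == 0) printf("unsafe: %s\n", cmd);
    if (build_cmd_safe(cmd, sizeof cmd, ssid) == 0) printf("safe:   %s\n", cmd);
    return 0;
}
```

In the unsafe output the tick inside the SSID closes the quoted string early, so the shell treats the rest as further commands; in the safe output the whole SSID stays a single argument.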
The hardest prerequisite for the attack is forcing a network scan on the target device, but this is possible by performing a deauthentication attack.
Several readily available software tools can generate and send deauth packets to the extender, causing it to disconnect from its main network and forcing the target to perform a network scan.
RedTeam researchers discovered the flaw in May 2023 and reported it to D-Link, but despite multiple follow-ups, no reply was ever received.
This means that the D-Link DAP-X1860 is still vulnerable to attacks, and the relatively simple exploitation mechanism makes the situation risky.
Owners of DAP-X1860 extenders are recommended to limit manual network scans, treat sudden disconnections suspiciously, and turn off the extender when not actively used.
Also, consider placing IoT devices and range extenders on a separate network isolated from sensitive devices holding personal or work data.