The popular D-Link DAP-X1860 WiFi 6 range extender has vulnerabilities that could allow DoS (denial of service) attacks and remote command injection.
This product is currently listed as available on D-Link’s site and has thousands of reviews on Amazon, making it a popular choice among consumers.
The vulnerability, tracked as CVE-2023-45208, was discovered by a German team of researchers (RedTeam). Although they attempted to alert D-Link multiple times, the vendor reportedly remained silent and no fix has been released.
Vulnerability details
The problem lies with the D-Link DAP-X1860's network scanning functionality: it cannot parse SSIDs that contain a single tick (') in their name and incorrectly interprets the tick as a command terminator.
Technically, the issue is due to the “parsing_xml_stasurvey” function in the libcgifunc.so library. This function contains system commands for execution.
However, this product does not have SSID sanitization functionality, which could easily be exploited by attackers for malicious purposes.
An attacker within range of the extender can set up a WiFi network and give it a name similar to one that the target is familiar with, but with a tick in the name, such as "Olaf's Network."
When the device tries to connect to that SSID, it gets an “Error 500: Internal Server Error” and doesn’t work properly.
If an attacker adds a second section to the SSID containing shell commands separated by "&&", such as "Test' && uname -a &&", the extender will be tricked into running the "uname -a" command during setup/network scanning.
All processes on the extender, including commands injected by external threat actors, run with root privileges, potentially allowing attackers to probe other devices connected to the extender and further compromise your network.
The most difficult prerequisite for an attack is forcing a network scan on the target device, which can be accomplished by performing a deauthentication attack.
Several readily available software tools can generate and send deauthentication packets to the extender, causing the extender to disconnect from the main network and forcing the target to perform a network scan.
RedTeam researchers discovered this flaw in May 2023 and reported it to D-Link, but despite multiple follow-ups, they received no response.
This means that D-Link DAP-X1860 is still vulnerable to attacks and the situation is dangerous due to relatively simple exploitation mechanisms.
DAP-X1860 extender owners are advised to limit manual network scans, treat sudden disconnections as suspicious, and turn off the extender when not in active use.
Also consider placing IoT devices and range extenders on a separate network, isolated from sensitive devices that hold personal or work data.
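For developers of similar firmware, the missing SSID sanitization described above can be illustrated with the following added example, which is not code from the D-Link firmware or from the RedTeam advisory. It quotes an SSID so a POSIX shell reads it as a single word, then checks the result with a minimal model of shell quoting; passing the SSID as an argv element without any shell is preferable where possible. The function names `ssid_shell_quote` and `sh_single_word` are hypothetical, and the sample SSID is the one quoted in the article.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* 802.11 limits an SSID to 32 bytes */

/* Quote ssid as one POSIX-shell word: wrap it in single quotes and rewrite
 * each embedded ' as '\'' (close quote, escaped quote, reopen quote).
 * Returns the quoted length, or -1 if ssid is over-long or out is too small. */
int ssid_shell_quote(const char *ssid, char *out, size_t outlen)
{
    size_t n = strlen(ssid), o = 0;
    if (n > SSID_MAX || outlen < 4 * n + 3) /* worst case: 4 bytes per input byte */
        return -1;
    out[o++] = '\'';
    for (size_t i = 0; i < n; i++) {
        if (ssid[i] == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = ssid[i];
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

/* Minimal model of how sh reads one word. Returns 1 and stores the decoded value
 * in out if word is fully quoted; returns 0 once any character sits outside quotes. */
int sh_single_word(const char *word, char *out, size_t outlen)
{
    size_t o = 0;
    int in_sq = 0;
    if (outlen == 0) return 0;
    for (const char *p = word; *p; p++) {
        if (*p == '\'') { in_sq = !in_sq; continue; }
        if (!in_sq) {
            if (*p != '\\' || !p[1]) return 0; /* unquoted text: data left its quotes */
            p++; /* backslash-escaped literal outside quotes */
        }
        if (o + 1 >= outlen) return 0;
        out[o++] = *p;
    }
    out[o] = '\0';
    return !in_sq;
}

int main(void)
{
    const char *ssid = "Olaf's Network"; /* sample SSID taken from the article */
    char q[4 * SSID_MAX + 3], back[SSID_MAX + 1];
    if (ssid_shell_quote(ssid, q, sizeof q) < 0 || !sh_single_word(q, back, sizeof back)) return 1;
    printf("%s -> %s -> %s\n", ssid, q, back);
    return 0;
}
```

Wrapping the raw SSID in single quotes without escaping fails the same check, because the embedded tick closes the quote early and the rest of the name is read as shell syntax.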