
possible exploit: D-Link DI-804 unauthorized DHCP release from WAN


Date: 22 Aug 2002 07:06:48 -0000
From: Jens Jensen <jpj@netcom-usa.com>
To: bugtraq@securityfocus.com
Subject: possible exploit: D-Link DI-804 unauthorized DHCP release from WAN



Problem: a malicious user can release the DHCP client on a D-Link DI-804 router,
interrupting network communications.

I need some other D-Link DI-804 users (as well as other D-Link routers) to
see if they can reproduce this problem.
With "remote administration" mode enabled to any IP (web interface wide
open on the WAN side), it seems that a malicious user can activate DHCP
release/renew without first being authenticated as the admin (privileged
user).

The web page that I can get to on the D-Link built-in web interface is
http://xxx.xxx.xxx.xxx/release.htm
where xxx.xxx.xxx.xxx is the IP address of your router; specifically, for
these purposes, the WAN IP address.

firmware: 4.68
device: DI-804

This would be a BAD thing, since an attacker could interrupt communications
on the router.
This can be temporarily fixed by either disabling "remote administration"
or limiting the IP addresses allowed to remote admin.
I have submitted this to D-Link support.
I'm also wondering what other D-Link routers this could affect.

Jens Jensen
MCP, CCNA
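
The check the post asks other owners to make, as an added example that is not part of the original message or any D-Link code: it sends one request without credentials to an admin page on a router you administer and classifies the answer, so it can be rerun after applying either workaround. The path /hypothetical-admin.htm, the sample responses and all function names are assumptions made for illustration.

```python
import http.client

# Constructed sample responses (status, headers) to requests sent without
# credentials; they are not captures from a real DI-804.
SAMPLES = {
    "/release.htm": (200, [("Content-Type", "text/html")]),
    "/hypothetical-admin.htm": (401, [("WWW-Authenticate", 'Basic realm="router"')]),
}

def classify(status, headers):
    """Judge a response to a request that carried no credentials."""
    names = {name.lower() for name, _ in headers}
    if status == 401 and "www-authenticate" in names:
        return "protected"       # server challenged for credentials
    if status == 403:
        return "protected"       # e.g. source IP not on the allowed list
    if 300 <= status < 400:
        return "redirect"        # often a login page; inspect Location by hand
    if 200 <= status < 300:
        return "EXPOSED"         # page served with no authentication at all
    return "inconclusive"

def probe(host, path, port=80, timeout=5):
    """Send one unauthenticated GET to a router you administer.

    If the page is exposed, loading it may itself trigger the release/renew
    the post describes, so expect a brief WAN interruption.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return classify(resp.status, resp.getheaders())
    except (OSError, http.client.HTTPException):
        return "unreachable"     # expected from the WAN once remote admin is off
    finally:
        conn.close()

def audit(host, paths, probe_fn=probe):
    """Return {path: verdict} for each admin page checked."""
    return {path: probe_fn(host, path) for path in paths}

def classify_samples(samples=SAMPLES):
    return {path: classify(*resp) for path, resp in samples.items()}

if __name__ == "__main__":
    for path, verdict in classify_samples().items():
        print(f"{path}: {verdict}")
```

Run audit() from a host on the WAN side against the router's WAN address; "unreachable" or "protected" for /release.htm is the result to expect once remote administration is disabled or restricted to specific IP addresses.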
