Vulnerability of D-link Wi-Fi range extender to command injection attacks

Nowadays, the command injection vulnerability is in the D-Link DAP-X1860 range extender that permits malicious actors to implement the remote code on high-flown gadgets.  

In addition, it considers the trendy choice among users on Amazon with thousands of reviews, so the product now mentioned as available on D Link’s professional site. Moreover, this command injection vulnerability perceives in the Wi-Fi network scanning process and allows DoS (Denial of Service) attacks. 

However, the crew of German Researchers (Red Team) uncovered this vulnerability and named it CVE-2023-45208. This susceptibility is analyzed with severity and no fixes have been released. 

Vulnerability Attributes

As discussed above, the issue lies in the Wi-Fi network functionality in D-Link DAP-X1860 and its incapability to dissect the SSIDs that contain a single tick in the name(‘). Similarly, this sign misinterprets the command terminator. 

Technically speaking, the issue arises from the 'parsing_xml_stasurvey' function  in the libcgifunc. so library which includes a system command for implementation.
 
What can a cyber attacker do?

In addition, due to the lack of SSID purification, an attacker can easily misuse this property for malicious operations. An attacker within the range of an extender can create a WiFi network with a deceptive name, like 'Olaf's Network,' which includes a tick in the name. Therefore, the device will fail to work normally if it tries to connect to that SSID and produces an "Error 500: Internal Server Error".

However, if an attacker puts on the second section to the SSID which contains a shell command, it separates by “& &” like “Test’ && uname- a &&”. Hence, the extender will mislead to implement the ‘uname- a’ command on the setup or network scan. Therefore, these vulnerabilities pose threat to your internet security. 

Additionally, an attacker could potentially probe other devices connected to the extender and further their network infiltration by running all necessary procedures on the extender with administrator privileges, including any commands administered by external threat actors.

However, a de-authentication attack can force a network scan on the target device, which is the hardest precondition for the attack. 

Generally, several types of software are available in the market that can generate or send de-authentication packets. Likewise, these unauthenticated packets will disconnect it from its main network and force the target to perform a network scan. Additionally, the German Red team brought to light this flaw in May 2023 and noted it to D-link. 

Besides this, even with multiple follow-ups, no reply was ever given. Hence, this scenario shows that D-link DAP-X1860  is still susceptible to attack and almost a simple misuse operation can make the condition risky. 

Recommendations to the DAP-X1860 owners

On the other hand, the owners of the DAP-X1860 encourage limiting the manual network scans and whenever the extender is not being actively used, turn it off to prevent sudden disconnects. 

In addition, they also get advice on placing the IoT devices and range extenders separate from the sensitive gadgets that hold personal and professional work data. All in all, these recommendations may help to reduce the cybersecurity concerns for the DAP-X1860.