Dlink router with HNAP vulnerability

Posted on January 11, 2010 by brainfold Leave a comment

A flawed implementation of the Home Network Administration Protocol (HNAP) reportedly allows attackers to gain unauthorised admin access to numerous D-Link router models

SourceSec Security research webpages claims finding a flaw in D-Link’s CAPTCHA implementation, around a way to view and edit D-Link router settings without any administrative credentials.

Simply said,  D-Link routers have a second administrative interface, which uses the Home Network Administration Protocol. While HNAP does require basic authentication, the mere existence of HNAP on D-Link routers allows attackers and malware to bypass CAPTCHA “security”. Further, HNAP authentication is not properly implemented, allowing anyone to view and edit administrative settings on the router.

For detailed vulnerability summary click there pdf


[ad#Google Adsense Text and Image Adds]

Related Posts with Thumbnails

Breaches and Exploits, Hacking, Risk, Security Tips ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>