A Security Researcher Michael Messner has identified multiple vulnerabilities in D'Link DIR-600 and DIR-300 routers that allows hackers to execute arbitrary shell commands.
According to researcher blog post, the vulnerability is caused by missing access restrictions and missing input validation in the cmd parameter .
The OS Command Injection vulnerability allows attacker to start telnetd to compromise the device.
CSRF vulnerability: For changing the password, there is no request to the current password. So, a hacker can change the password without knowing the current password, by sending malicious script to victim that sends request to change the password.
The researcher identified that there is no password hashing implemented and saves root password in plain text in the var/passwd file.
According to H-online report, a hacker can exploit the vulnerability for redirecting a router's entire internet traffic to a third-party server.
Messner send notification about the vulnerability to D-Link but they responded that the issue is browser related and they will not provide a fix.
