
D-Link fixes authentication bypass security bug in its firmware


February 27, 2017

Earlier this morning, D-Link confirmed that it has patched an authentication bypass vulnerability in one of its 1 Gb enterprise networking switches.

Initially discovered by security researcher Varang Amin, the security bugs in the vendor's DGS-1510 enterprise switch kit were patched with a firmware update late last night.

Left unpatched, the flaw can allow unauthenticated command bypass and poses a critical risk of unauthenticated disclosure of sensitive data.

"A potential hacker can exploit the authentication bypass security vulnerabilities to execute remote and local (127.0.0.1) commands on the D-Link enterprise switch," Amin told us today.

D-Link's advisory on the CVE-2017-6206 security vulnerability can be found on its website.

Overall, the DGS-1510 websmart switch series firmware has been known in the field to have a few security bugs. The vulnerabilities include unauthenticated command bypass and unauthenticated data disclosure.

D-Link has released the security patch as a beta, but the range of attacks possible on unpatched systems, as outlined by Amin, makes it a candidate for immediate installation rather than a deferred update.

A variety of exploits would be possible on vulnerable switches, Amin said, including extracting configuration files that contain network information, or adding a new admin account and then taking full control of the switch.

"The vulnerability can be exploited from any remote location on the internet," Amin added. "The PoC highlights that fact. We have found dozens of these systems available on the Web, but we do not have exact numbers as we did not conduct any specific tests to obtain the numbers."

Amin and his colleagues plan to release the PoC code they have developed at a later date, so that penetration testers and researchers can use it during assessments or in follow-up research into the security of embedded devices.

Source: D-Link LLC.

Copyright © Internet Security.ca