Automated analysis discovered vulnerabilities in router firmware

Mar 1, 2016

Using an automated analysis system, researchers from Carnegie Mellon and Boston University have discovered vulnerabilities in routers from Netgear and D-Link. The analysis system is called Firmadyne. The researchers examined nearly 9,500 firmware images.

In total, the researchers used 23,000 firmware images, collected from 42 different manufacturers of devices with embedded firmware. Of 9486 images, Firmadyne was able to determine that 887 were vulnerable to one of 74 known exploits. In addition, the researchers found 14 previously unknown exploits in 69 firmware images that were used by 12 products.

The framework automatically runs Linux-based firmware designed for embedded devices in an emulated environment. Firmadyne then performs a number of security tests, including tests for known exploits.

Some of the vulnerabilities were found in devices from Netgear and D-Link. The authors of the paper announced the model numbers of these devices separately at Seclist.org. The researchers warned both Netgear and D-Link, but so far have only received a response from Netgear. Netgear will release a firmware update for the WN604 wireless access point at the end of February. The other devices will not get an update until mid-March.

Some of the devices from Netgear are susceptible to SQL injection, CVE-2016-1555. The vulnerabilities mainly affect devices that are configured so that they can be managed over the internet. The affected Netgear devices bear the model numbers WN604, WN802Tv2, WNAP210, WNAP320, WNDAP350 and WNDAP360. All of these except the WN802Tv2, as well as the WNDAP930, also have web pages that are accessible without authentication, which can expose the PIN for WPS mode.

The vulnerable D-Link devices are the DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2660, DAP-2690 and DAP-2695. These devices suffer from a buffer overflow vulnerability when the dlink_uid cookie is processed. Three other D-Link devices and three Netgear devices expose wireless passwords via the SNMP protocol. These are the DAP-1353, DAP-2553, DAP-3520, WNAP320, WNDAP350 and WNDAP360.
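As an added example (not code from the paper or from the Firmadyne project), the following defensive check could run in a reverse proxy or log pipeline in front of an access point's management interface and flag requests whose dlink_uid cookie is abnormally long or malformed. The length limit and the allowed character set are assumptions, since the page does not state the size of the affected buffer, and the sample requests are constructed.

```python
import re

# Assumed tuning value: the article does not give the vulnerable buffer size.
MAX_UID_LEN = 64
# Assumed shape of a legitimate session identifier (alphanumeric only).
SAFE_UID = re.compile(r"^[A-Za-z0-9]+$")


def cookie_value(header, name="dlink_uid"):
    """Return the raw value of `name` from a Cookie header value, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None


def inspect_request(raw_request):
    """Return a list of findings for one raw HTTP request (headers only)."""
    findings = []
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "cookie":
            continue
        uid = cookie_value(value)
        if uid is None:
            continue
        if len(uid) > MAX_UID_LEN:
            findings.append(f"dlink_uid length {len(uid)} exceeds {MAX_UID_LEN}")
        if not SAFE_UID.match(uid):
            findings.append("dlink_uid contains unexpected characters")
    return findings


# Constructed sample requests (not captured traffic).
NORMAL = "GET / HTTP/1.1\r\nHost: ap.example\r\nCookie: dlink_uid=a1b2c3d4e5\r\n\r\n"
OVERSIZED = ("GET / HTTP/1.1\r\nHost: ap.example\r\n"
             "cookie: lang=en; dlink_uid=" + "A" * 300 + "\r\n\r\n")
ENCODED = "GET / HTTP/1.1\r\nHost: ap.example\r\nCookie: dlink_uid=%41%41\r\n\r\n"
NO_COOKIE = "GET / HTTP/1.1\r\nHost: ap.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("normal", NORMAL), ("oversized", OVERSIZED),
                      ("encoded", ENCODED), ("no cookie", NO_COOKIE)]:
        print(name, inspect_request(req))
```
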

Firmadyne has been released as an open source project on GitHub, alongside a research paper entitled “Towards Automated Dynamic Analysis for Linux-based Embedded Firmware”. Of the 887 firmware images, most were from Netgear and D-Link. Other brands in which Firmadyne found exploits include Belkin, Huawei, Linksys, On Networks, Tomato by Shibby, TP-Link, TRENDnet and ZyXEL. For the full list, see page 16 of the paper.
