One more backdoor in D-Link DIR-620 (RevG) #CVE201812676
As I mentioned, #CVE201812677 exposures a config-file. I found there the strange account with “support<substring>”. The creds for web-dashboard are hardcoded for ISP support purposes.
Update and restore to factory settings
Thank you #ISCR2018 for the opportunity to share an expertise with the high-motivated audience. Probably, it will change something in their way of thinking. Anyway, the gift from Tokyo Cybercrimes Control Division gives me hope.
Next week at Seoul I will present at "International Symposium on Cybercrime Response" the following topic: “Tracking Cybercrime in IoThreat Era”. Within the presentation I will focus on IoT-related issues on perimeter, how to identify them and how to mislead the attacker.
New vulnerabilities in D-Link DIR-620 (RevG).
#CVE201812677 exposes all user credentials in config-file (plaintext) inside the firmware. It wouldn’t be so critical if part of the file was not stored in JS-variable, that available for unauthenticated user (#CVE201812419).