A group of researchers from Germany has discovered that one of the most popular WiFi 6 extenders on the market is exposed to security problems. Although they have alerted the manufacturer before revealing it publicly, the company does not seem to have responded to them.
It is not the first time that an incident of this type has occurred and, once again, it has had to be security specialists who discover it. In this case, the device that is in trouble is the famous D-Link DAP-X1860 extender, which supports a WiFi 6 connection and is located available on Amazon with around 3,000 reviews and a current score of almost 4 stars.
What is happening?
As mentioned by the RedTeam security group, and as they have registered in the error CVE-2023-45208, what happens with the extender is that it is vulnerable to suffering DoS attacks. It has also been indicated that hackers who attack these devices could activate remote commands and use the terminal for their own purposes.
Those who have discovered the security problem claim that they have notified D-Link on several occasions, but have never received a response. Therefore, they have decided to make it public. However, it would be necessary to see if the company has not really issued a response or if they are already working on a solution as has happened on other occasions. After all, the manufacturer is the last one interested in this type of information continuing to circulate, so the solution is surely very close.
This is the vulnerability
What they explain in the information they have published is that this extender model is not prepared to carry out the analysis of network identifiers that include the “‘” symbol in their name. This generates an error, since the extender detects it as a command that terminates the process without performing the corresponding analysis operation. In principle, the solution should not be complicated, since as security experts have mentioned, everything seems to be related to the code that includes the parsing_xml_stasurvey function.
They say that, at least, the way to attack the extender and its security is not so practical that hackers can do it remotely to the thousands of users who have D-Link equipment. In reality, to perform the attack, the hacker has to be within a short range of the extender. Once the distance is guaranteed, the attacker creates a fake WiFi network that has a name that confuses the user, including the “‘” symbol to carry out his hacking action. When the extender tries to connect, an error 500 will occur as you can see in the image below and will cause the system to not work correctly.
From that point, the attacker could take control of the connected devices and the network in general. The most dangerous thing is that the access provided to the hacker is with root permissions, so they will not encounter any type of obstacle. And although it is true that it is not easy to carry out the attack, because the extender must be forced to analyze the WiFi network that has been configured, hackers are already aware that they can use many tools to do so.
RedTeam says that they notified D-Link of this problem months ago and that, for now, it continues to be present without a response from the manufacturer. As we told you, you don’t have to worry as much as with other vulnerabilities, but it is recommended to keep your eyes open. Specialists recommend being attentive to situations in which disconnections occur for no apparent reason and also trying to limit the occasions in which the extender performs a network analysis. Another good idea is that, when we are not using the WiFi Mesh extender, we have it turned off. This way we will minimize the chances of having problems.
