Date: 08 July 2014
-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT External Security Bulletin Redistribution
DWR-113 Rev. Ax - CSRF causing Denial of Service - FW v. 2.02 or older
8 July 2014
AusCERT Security Bulletin Summary
Product: D-Link DWR-113 Rev. Ax firmware
Operating System: Network Appliance
Impact/Access: Cross-site Request Forgery -- Remote with User Interaction
CVE Names: CVE-2014-3136
- --------------------------BEGIN INCLUDED TEXT--------------------
DWR-113 Rev. Ax - CSRF causing Denial of Service - FW v. 2.02 or older
Publication ID: SAP10034
Resolved Status: Yes
Published on: 2 July 2014 4:34 GMT
Last updated on: 2 July 2014 4:43 GMT
The DWR-113 Rev. Ax firmware 2.02 and older is susceptible to a CSRF
vulnerability, which allows an attacker to forge HTML forms and execute actions
in an authorized (logged in) browser session. These vulnerabilities allow an
attacker to perform denial of service exploits that may cause the device to be
D-Link Security Incident Response Policy
All public communication on this issue will be offered at
Our security response team can be contacted for incident information or to
report incidents at email@example.com
For any non-critical security issue, help updating firmware, or configuration
regarding this issue, please contact your D-Link customer care channel.
Author - Blessen Thomas - firstname.lastname@example.org
Security and performance are of the utmost importance to D-Link across all
product lines. This is not just through the development process but also
through regular firmware updates to comply with the current safety and quality
standards. We are proactively working with the sources of these reports as well
as continuing to review across the complete product line to ensure that the
vulnerabilities discovered are addressed. We will continue to update this page
to include the relevant product firmware updates addressing these concerns.
In the meantime, you can take the precautions below to avoid unwanted
intrusion into your D-Link product.
Immediate Recommendations for all D-Link router customers
Do not enable the Remote Management feature, since this will allow malicious
users to use this exploit from the internet. Remote Management is disabled by
default on all D-Link routers and is included for customer care
troubleshooting if useful and the customer enables it.
If you receive unsolicited e-mails that relate to security vulnerabilities
and prompt you to act, please ignore them. Clicking on links in such
e-mails could allow unauthorised persons to access your router. Neither
D-Link nor its partners and resellers will send you unsolicited messages
where you are asked to click or install something.
Make sure that your wireless network is secure.
Do not provide your admin password to anyone. If required, we suggest updating
the password frequently.
We encourage you to contact the author for further information at
email@example.com. The other can provide further details.
In order to avoid miscommunication, the following is taken directly from the
It was observed that the D-Link DWR-113 wireless router is vulnerable to a
denial of service attack via a CSRF (Cross-Site Request Forgery) vulnerability.
An attacker could craft a malicious CSRF exploit to change the password in the
password functionality when the user (admin) is logged in to the application,
as the user interface (admin panel) lacks the CSRF token or nonce to prevent
an attacker from changing the password.
An attacker can manipulate user data by sending him a maliciously crafted URL.
As a result, as soon as the crafted malicious exploit is executed the router
is rebooted and the user is forced to wait for a few minutes so that the
changes can be made in the settings of the router.
Now it is observed that even though the attacker's password doesn't work,
neither does the user's current password work, and the user tries a lot to get
logged in to the admin panel interface of the router using the user's current
Finally the user is forced to reset the router's device physically, thus
leading to a denial of service condition.
Every time the user is forced to reset the device manually which is a
Proof of Concept code (exploit)
Restart Router by CSRF
<!-- CSRF PoC -->
<!-- The enclosing form's target URL and request method are not given in the
     advisory; PLACEHOLDER-TARGET-URL must be replaced and POST is assumed. -->
<form action="PLACEHOLDER-TARGET-URL" method="POST">
  <input type="hidden" name="S00010002" value="test" />
  <input type="hidden" name="np2" value="test" />
  <input type="hidden" name="N00150004" value="0" />
  <input type="hidden" name="N00150001" value="" />
  <input type="hidden" name="N00150003" value="1080" />
  <input type="hidden" name="_cce" value="0x80150002" />
  <input type="hidden" name="_sce" value="%Ssc" />
  <input type="submit" value="Submit request" />
</form>
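The researcher attributes the issue to the admin panel accepting a state-changing
password request from any logged-in session without a CSRF token or nonce. The
following is an added example, not code from D-Link, the researcher, or the
router firmware: a minimal password-change handler written twice, once in the
pattern the advisory describes (any authenticated POST is honoured, so a forged
cross-site form succeeds) and once hardened with a per-session synchronizer
token checked in constant time plus an Origin header check. The field name np2
is taken from the PoC above, but its role as the new-password field is an
assumption, as are the management URL 192.168.0.1, the handler names, and the
sample request values.

```python
import hmac
import secrets
from dataclasses import dataclass, field


# Constructed, in-memory stand-ins for the router's session store and the
# admin password it protects. Assumptions for illustration, not D-Link code.
@dataclass
class Session:
    user: str
    # Unguessable per-session token; a forging site cannot read it because
    # the same-origin policy denies it access to the router's pages.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Router:
    admin_password: str = "initial-password"   # constructed sample value
    origin: str = "http://192.168.0.1"          # assumed management URL


def handle_password_change_vulnerable(router, session, headers, form):
    """Pattern the advisory describes: a valid logged-in session is the only
    check, so a hidden form submitted from any other site changes the password."""
    if session is None:
        return "401 not logged in"
    router.admin_password = form.get("np2", "")
    return "200 password changed"


def handle_password_change_hardened(router, session, headers, form):
    """Synchronizer-token pattern with an Origin check as defence in depth."""
    if session is None:
        return "401 not logged in"
    # 1. Browsers attach an Origin header to cross-site POSTs. A mismatch is
    #    rejected before the body is examined; an absent Origin is treated as
    #    untrusted here (a production handler might fall back to Referer).
    if headers.get("Origin") != router.origin:
        return "403 cross-origin request rejected"
    # 2. The submitted form must echo the session's token. compare_digest
    #    avoids leaking the token through timing differences.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        return "403 missing or invalid CSRF token"
    router.admin_password = form.get("np2", "")
    return "200 password changed"


def demo():
    """Run both handlers against a forged request and a legitimate one.
    All request data below is constructed for the example."""
    session = Session(user="admin")
    forged_form = {"np2": "attacker-chosen", "N00150004": "0"}
    forged_headers = {"Origin": "http://evil.example"}
    legit_form = {"np2": "new-password", "csrf_token": session.csrf_token}
    legit_headers = {"Origin": "http://192.168.0.1"}

    results = {}
    r = Router()
    results["vulnerable_forged"] = handle_password_change_vulnerable(
        r, session, forged_headers, forged_form)
    r = Router()
    results["hardened_forged"] = handle_password_change_hardened(
        r, session, forged_headers, forged_form)
    # Same-origin request that omits the token (e.g. a stale or hand-built
    # form) is also refused.
    results["hardened_no_token"] = handle_password_change_hardened(
        r, session, legit_headers, {"np2": "x"})
    results["hardened_legit"] = handle_password_change_hardened(
        r, session, legit_headers, legit_form)
    results["final_password"] = r.admin_password
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The token must be generated server-side per session and embedded in the
router's own password-change page; the Origin check alone would be bypassed by
an old browser that sends neither Origin nor Referer, which is why the two
checks are combined.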
Model Name:                        DWR-113
HW Version:                        Ax
Current FW Version:                v. 2.02 and older
New FW Version for this firmware:  v. 2.03b02
Release Notes:                     exploit fix
Security patch for your D-Link router
These firmware updates address the security vulnerabilities in affected D-Link
routers. D-Link will update this continually and we strongly recommend all
users to install the relevant updates.
As there are different hardware revisions on our products, please check this on
your device before downloading the correct corresponding firmware update. The
hardware revision information can usually be found on the product label on the
underside of the product next to the serial number. Alternatively, they can
also be found on the device web configuration.
To update the firmware, please log in to the Web-GUI interface of your device
and from the menu select Maintenance -> System -> Upgrade Firmware. If you
require help, please contact your regional D-Link customer care website for
options.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to firstname.lastname@example.org
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----