Menu principale

Avvisi di sicurezza

Aperto da Pondera, 08 Gennaio 2014, 08:46:39

Pondera



Avvisi di sicurezza

Pondera

Avvisi di sicurezza (Security Advisories)

Fonte Security Event Response Policy
Suspected Security Vulnerability Support and Reporting
It is highly recommended that anyone suspecting a product security issue contact our security event response team. D‐Link encourages reports from any source, including but not limited to customers, vendors, partners, independent researchers, industry organizations, and other sources. If contact is made through other channels, methods, regional offices, customer care there is a strong risk issues may not get the urgency necessary for these reports. The team uses English as a common language but we accept local languages and will translate as needed.

Security Event Response Team Support Information
E-­mail: security(á)dlink.com
Hours: Support requests received via e-­mail are monitored 24/7/365 and are not subject to business and Customer Care hours.

Recognized Event Reports are listed on http://securityadvisories.dlink.com/security/

Reports are typically acknowledged within 24 hours on the above site. Plan of actions are typically offered with in 48 hours of a recognition and posting of a report. All communication to the public will be done thru the report posted above.

General Security-­Related Questions
The D-­Link Customer Care center can provide assistance for all technical and configuration issues related to security matters, as well as with non-sensitive security events including security bug fixes and software upgrades.

Customer Care Contact Points
Phone:
• For US Consumer Retail Products +1 (877) 453-­5465 / For US Business Products +1 (877) 354-­6555 – Business Hours
• For EU Products 0871 873 3000* 9.00 am − 7.00 pm, M-F
• For Canadian Products 1-­800-­361-­5265 English (9am-­8pm EST) & French (12pm-­9pm EST) M-­F
• For All Other Regions please contact D-­Link International @ this website link
E-­mail: support(á)dlink.com
Web: Chat, E-­Mail, Call Numbers
Hours: 24 hours a day, 7 days a week for email and web support

Tracking Security Vulnerability Information from D-­Link
To stay updated with the latest security vulnerability information from D-­Link, please refer to the following:

Direct Internet Contact
Web: support.dlink.com/SecurityAdvisories
E-­mail: Announcement-­Service Q2'2014
RSS: RSS Feed Q2'2014
Twitter: Twitter Feed Q2'2014

Public Relations Contacts for Security Vulnerability Information
D-­Link public relations contacts for security vulnerability information are as follows:

Public Relations Contacts
United States Contact: Daniel Kelley dan.kelley(á)dlink.com
European Union Contact: Mary Harrison mary.harrison(á)dlink.com
Canada Contact: Please Submit by Web
All Others Regions: Dmitri Detwyler dmitri_detwyler(á)dlink.com.tw
Additional Public Relations: press(á)dlink.com




Fonti:
D-Link Italia (Europa) - Informazioni importanti (Tech Alerts)
D-Link USA - Global Security Advisories, Responses, and Notices
FTP USA
Security Event Response Policy

Pondera

Citazione di: Pondera il 21 Dicembre 2014, 08:41:09

Da qualche giorno rimbalza sulla rete - anche quella che parla italiano - il comunicato della multinazionale israeliana che si occupa di sicurezza informatica Check Point (che, tra l'altro, nel 2003 ha acquisito il famoso Zone Alarm mentre nel 2009 la divisione apparecchiature di sicurezza della Nokia) riguardante il biscotto della sfortuna (Misfortune Cookie).
Nello specifico sarebbero affetti da questa potenziale vulnerabilità gli apparecchi che usano nel proprio firmware il server web RomPager di AllegroSoft precedente alla versione 4.34 (e nello specifico 4.07), cioé in buona sostanza i dispositivi con piattaforme TrendChip (poi Ralink e dopo MediaTek). Check Point ha pubblicato un elenco dei dispositivi sospettati di vulnerabilità ma anche un documento su come proteggersi, che in sostanza dice di disabilitare il servizio TR-069.

Questa citazione è della fine del 2014. Nell'estate del 2015 D-Link Europa ha pubblicato il comunicato sulla vulnerabilità di elusione autenticazione Misfortune Cookie/RomPager/Rom-0.
Per questa vulnerabilità esiste una verifica in linea sulla rete all'indirizzo seguente:

http://rom-0.cz/index/

Il comunicato di D-Link EU è stato aggiornato l'08/03/2016 con la stima della disponibilità al 15/04/2016 dei firmware con le correzioni di sicurezza per i modelli fuori produzione basati su TrendChip (MediaTek) TC3162xx & ZyNOS: DSL-2640R B1, DSL-2740R A1, DSL-2680 A1.
Proprio questi modelli sono distribuiti anche col marchio del fornitore di servizi Internet britannico TalkTalk e sono già stati pubblicati i firmware correttivi (i modelli rimarchiati TT hanno firmware personalizzati con numerazione di versione differente). Nelle note di edizione per queste ultime versioni c'è scritto che correggono il problema Rompage (mentre la versione precedente corregge la vulnerabilità XSS attack).

Presumibilmente i modelli successivi MediaTek DSL-2740R B1 e DSL-2770L dovrebbero essere esenti da questo tipo di vulnerabilità.

Pondera

Questa è la divulgazione originaria riguardante la vulnerabilità DNS hijacking (dirottamento DNS) dell'inizio dello scorso anno. I dispositivi affetti risultano gli stessi della vulnerabilità descritta nel messaggio precedente.

Citazione di: maupet0 il 02 Aprile 2015, 06:58:07Per testare la vulnerabilità è sufficiente collegarsi alla seguente pagina:
ATTENZIONE, APRIRE LA PAGINA CAMBIERA' IL DNS PRIMARIO IN 8.8.8.8 (quello di Google) ANCHE SE NON SIETE AUTENTICATI:
ATTENZIONE => http://192.168.1.1/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=8.8.8.8

Abbiamo verificato che le ultime versioni per TT sono immuni. Quindi presumibilmente anche per le correzioni contro questa vulnerabiltà bisogna aspettare la pubblicazione della quale abbiamo parlato nel messaggio precedente.

Pondera


Pondera

Naked Security by Sophos - Researcher reveals D-Link router holes that might never be patched
12 Sep 2017 by John E Dunn

Fonte D-Link UK>Support>Tech Alerts
DIR-850L Rev. Ax & Bx : Multiple Security Vulnerability Report
Monday 18 September 2017 08:57

D-Link Systems, Inc. - On September 8th, 2017, a news article reported zero-day flaws with D-Link DIR-850L routers. D-Link immediately took actions to investigate the issues and endeavours to find the solutions to resolve them.

Firmwares that address these vulnerabilities are now available to download from the DIR-850L product support pages or from the direct links below. Please ensure you follow the instructions provide within the firmware files.

DIR-850L H/W vers. A
DIR-850L H/W vers. B

You can find out the H/W (hardware) version of your DIR-850L from the device label on the bottom of the router.

Product security and customer privacy are important concerns to D-Link. We have a Task force and a Product Management team on call to provide immediate attention to address evolving security issues and implement appropriate security measures. We strive to continuously improve the security of our products.

Please take the following actions in the listed order to help protect your privacy.

1. Reset the router to its default factory setting.
2. Disable the WAN remote admin feature
3. Do not remotely access the router through unauthorised public Wi-Fi.
4. Change the wireless SSID password and PIN code to prevent unauthorised users from accessing the LAN.
5. Change the device's administrator password. Be sure to use a strong new password.

Pondera

KRACK Attacks: Breaking WPA2
Key Reinstallation Attacks - Breaking WPA2 by forcing nonce reuse
Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven

Fonte D-Link EU>Support>Tech Alerts
Response to KRACK :: WPA2 Key Reinstallation Attack Security Vulnerability
Wednesday 18 October 2017 10:27

On October 16th, researchers disclosed security vulnerabilities in the widely used standard for Wi-Fi security, the WPA2 (Wi-Fi Protected Access II), that make it possible for attackers to eavesdrop on Wi-Fi traffic. D-Link started investigating this issue straight away. This security concern appears to be an industry-wide issue that will require firmware patches to be provided from the relevant semiconductor chipset manufacturers. Therefore, D-Link requested their assistance and, as soon as the firmware patches are received, they will be posted on our websites.

In the meantime, we highly recommend our customers to protect their privacy by using encrypted communications protocols such as VPN or HTTPS, especially when delivering confidential information. Please keep checking our website for the newest firmware updates.


Fonte D-Link USA Technical Support>Top Frequently Asked Questions
Q: D-Link Response to KRACK Vulnerability

A:
[...]

Update your Windows, iOS, macOS, Android, and Linux operating systems. This exploit affects ALL wireless clients.

For more information, refer to the following links below:

https://www.tomsguide.com/us/wifi-krack-attack-what-to-do,news-25990.html

https://www.cnet.com/news/krack-wi-fi-attack-patch-how-microsoft-apple-google-responding/

Pondera

Per completezza di informazioni riportiamo anche quanto dichiarato sul forum australiano Whirlpool da Ilya Karachevtsev di D-Link Australia & NZ:

Fonte Whirlpool Forums
Citazione di: 'Ilya K'The KRACK vulnerability is targeting the clients and not the routers/Access Ponts.
If the router/AP is running in normal Wi-Fi mode (as an Access Point) – it is not vulnerable (but the client still is, unless it is patched).
A router / AP will only be affected if running in "AP Client mode" – this mode is not enabled in our routers and very rarely used in APs.

Since this vulnerability involves the core of the WPA/WPA2 operation, we are waiting for an update from Wi-Fi chipset manufacturers. Once they release the code, we will incorporate it into firmware. But again – the important part is to patch the clients (computers, phones, tablets). Modifying the Wi-Fi code on router/AP will still leave clients exposed to this attack, unless they are patched.

As far as I know Microsoft has already released a patch some time ago.

Pondera

KRACK - Aggiornamento situazione da D-Link

Fonte D-Link USA Technical Support
[Update 10/23/17]

Associated CVE IDs for CERT/CC VU number: VU#228519
   CVE-2017-13077
   CVE-2017-13078
   CVE-2017-13079
   CVE-2017-13080
   CVE-2017-13081
   CVE-2017-13082

The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described are in the standard requiring a broad product-line and industry correction. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific product, check the table. Note that the table list below is not exhaustive, and we recommend to check back frequently over the next 30 days.


Fonte D-Link EU>Support>Tech Alerts
The following Access Points are affected ONLY IF THEY ARE SET UP AS CLIENT OR WDS CLIENT MODE, NOT IN ACCESS POINT MODE (NORMAL USE)

The affected D-Link products are:

Wi-Fi extenders

   DHP-W610AV (Hardware version A1, patch available January 2018)
   DAP-1320 (Hardware version A1/B1/C1)
   DAP-1325 (Hardware version A1)
   DAP-1330
   DAP-1360 (Hardware version A1/C2)
   DAP-1365
   DAP-1520 (Hardware version A1)
   DAP-1620 (Hardware version Ax)
   DAP-1635 (Hardware version A1)
   DAP-1665 (Hardware versions A1/A2)



Business access points

   DAP-2360 (Hardware version Bx, patch available December 2017)
   DAP-2610 (Hardware version Ax, patch available December 2017)
   DAP-2660 (Hardware version Ax, patch available December 2017)
   DAP-2230 (Hardware version Ax, patch available January 2018)
   DAP-2310 (Hardware version Bx, patch available January 2018)
   DAP-2553 (Hardware version Bx, patch available January 2018)
   DAP-2695 (Hardware version Ax, patch available January 2018)
   DAP-3320 (Hardware version Ax, patch available January 2018)
   DAP-3662 (Hardware version A1, patch available January 2018)
   DAP-2690 (Hardware version Bx, patch available February 2018)
   DWL-3610AP (Hardware version A1)
   DWL-6610AP (Hardware version A1/B1)
   DWL-6610APE (Hardware version A1)
   DWL-6700AP (Hardware version A3)
   DWL-8610AP (Hardware version Ax)
   DWL-8710AP (Hardware version A1)



Mobile products

   DWR-932 (Hardware version B1, patch available December 2017)
   DIR-506L (Hardware version A1)



Wi-Fi routers

   DIR-518L
   DIR-600L (Hardware version A1)
   DIR-605L
   DIR-809 (Hardware version A2/A3)
   DIR-816L (Hardware version B1)
   DIR-818LW
   DIR-842 (Hardware version C1)
   DIR-850L (Hardware version A1/B1)
   DIR-859
   DIR-860L (Hardware version A1/B1)
   DIR-865L
   DIR-867 (Hardware version A1)
   DIR-868L (Hardware version A1/B1)
   DIR-869
   DIR-878 (Hardware version A1/B1)
   DIR-879 (Hardware version A1)
   DIR-880L
   DIR-882 (Hardware version A1/B1)
   DIR-885L (Hardware version A1)
   DIR-890L (Hardware version A1)
   DIR-895L (Hardware version A1)



Wi-Fi adapters

   DWA-121 (Hardware version A1)
   DWA-125 (Hardware version D1)
   DWA-127 (Hardware version B1)
   DWA-131 (Hardware version E1)
   DWA-140 (Hardware version B3/D1)
   DWA-160 (Hardware version B2/C1)
   DWA-171 (Hardware version A1)
   DWA-172 (Hardware version A1)
   DWA-182 (Hardware version C1)
   DWA-192
   DWA-582 (Hardware version A1)



COVR Wi-Fi system

   COVR-P2502 (Hardware version A1, patch available December 2017)



Network cameras

   DCS-800L (Hardware version A1)
   DCS-820L (Hardware version A1)
   DCS-825L (Hardware version A1)
   DSC-855L (Hardware version A1)
   DCS-930L (Hardware version A3/B2)
   DCS-932L (Hardware version A1/B2)
   DCS-933L (Hardware version A1)
   DCS-935L (Hardware version A1)
   DCS-935H (Hardware version A1)
   DCS-936L (Hardware version A1)
   DCS-942L (Hardware version A3/B1)
   DCS-960L (Hardware version A1)
   DCS-8000LH (Hardware version A1)
   DCS-8100LH (Hardware version A1)
   DCS-8200LH (Hardware version A1)
   DCS-2130 (Hardware version A1)
   DCS-2132L (Hardware version A1/B1)
   DCS-2136L (Hardware version A1)
   DCS-2230L (Hardware version A1)
   DCS-2330L (Hardware version A1)
   DCS-2332L (Hardware version A1)
   DCS-2530L (Hardware version A2)
   DCS-2670L (Hardware version A1)
   DCS-5000L (Hardware version A1)
   DCS-5009L (Hardware version A1)
   DCS-5010L (Hardware version A1)
   DCS-5020L (Hardware version A1)
   DCS-5030L (Hardware version A1)
   DCS-5222L (Hardware version A3/B2)
   DSH-C310 (Hardware version A1)



List of affected US products with an estimated timeline of fixes.

Pondera

KRACK - 2° Aggiornamento situazione da D-Link

Fonte D-Link EU>Support>Tech Alerts
Important Notice to D-Link Product Owners:

Please note that your devices are only vulnerable if the hacker is in physical proximity to and within wireless range of your network.
To avoid being at risk to WPA2 vulnerability issues, DWL, DAP, and DIR series products should have all WDS, client, and extender modes disabled until the update patches are available to address the WPA2 issues.

OUR ACCESS POINTS ARE NOT AFFECTED BY THIS VULNERABILITY IN ACCESS POINT MODE (NORMAL USE)
In addition, all access points under unified management with wireless controllers, Central WiFi Manager or AP-Array are NOT AFFECTED.


m4ss1

DCS-930L / 931L / 932L / 933L / 934L / 5009L/ 5010L / 5020L / 5025L / 5030L :: CVE-2019-10999 :: Authenticated Buffer Overflow

Fonte D-Link USA Technical Support

Note: The exploit requires credentials to be successful.

There exists an authenticated buffer overflow vulnerability in the accused cameras  that can be exploited by malicious users. It occurs when a large string is passed in the WEPEncryption parameter provided to wireless.htm. The variable is expected to be a single character of some value between 0 and 4 based on radio buttons selected by the user. Because of this assumption the length of the string is never verified and passed directly to strcpy() which copies directly to a stack variable. This overwrite can be used to gain control of the return address and possible to execute arbitrary code.

I nuovi firmware con la patch di sicurezza sono previsti per giugno 2019.


Pondera

DIR‑859 + 13 other Router Models :: CVE‑2019‑17621 & CVE‑2019‑20213 LAN‑side security vulnerability

DIR-818Lx Bx firmware v2.05b03_Beta08, DIR-822 Cx firmware v3.12b04, DIR-822 Bx firmware v2.03b01, DIR-823 Ax firmware v1.00b06_Beta, DIR-859 Ax firmware v1.06b01_Beta01, DIR-865L Ax firmware v1.07.b01, DIR-868L Ax firmware v1.12b04, DIR-868L Bx firmware v2.05b02, DIR-869 Ax firmware v1.03b02_Beta02, DIR-880L Ax firmware v1.08b04, DIR-890L Ax firmware v1.11b01_Beta01, DIR-885L Ax firmware v1.12b05, DIR-895L Ax firmware v1.12b10

Pondera


Licenza Creative Commons
Il contenuto dei messaggi del forum è distribuito con
Licenza Creative Commons Attribuzione Non commerciale 4.0
Tutti i marchi registrati citati appartengono ai legittimi proprietari