D-Link DIR-619L Firmware Authentication Vulnerability in Boa Component

A vulnerability exists in the D-Link DIR-619L router running firmware version 6.02CN02. The issue arises in the Boa web server component, specifically within the FirmwareUpgrade function, which handles firmware updates. The vulnerability is due to hard-coded verification information being used to authenticate new firmware, allowing attackers to craft a tampered firmware image that bypasses this verification. This manipulated firmware can then be uploaded to the device, potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability can be exploited remotely, but requires a certain level of authentication.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device or causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first authenticate to the router's web interface. Then, navigate to the firmware upgrade section. Upload a firmware image that has been modified to include the same hard-coded verification flags as a legitimate update. Once the tampered firmware is uploaded, the router will accept it as a valid update, bypassing the authentication checks. After the router is updated with the malicious firmware, the injected code can be executed or the device can be rendered unresponsive, depending on the chosen payload.