D-Link · D-Link DAP-1360 · CVE-2019-18666
Name of the Vulnerable Software and Affected Versions:
D-Link DAP-1360 revision F versions 609EU through 613EUbeta
D-Link DAP-1360 revision F versions through 6.12b01
Description:
An issue was discovered on D-Link DAP-1360 revision F devices, allowing remote attackers to start a telnet service without authorization via an undocumented HTTP request. The impact depends on the firmware version. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed, but the telnet service can still be started without authorization.
Recommendations:
For versions 609EU through 613EUbeta, update the firmware to a version later than 6.12b01 to change the weak root credentials.
For versions through 6.12b01, update the firmware to a version later than 6.12b01 to change the weak root credentials.
As a temporary workaround, consider disabling the telnet service until a patch is available.