CVE-2017-8415

Name of the Vulnerable Software and Affected Versions D-Link DCS-1100 (affected versions not specified) D-Link DCS-1130 (affected versions not specified)

Description An issue was discovered on D-Link devices, where a custom telnet daemon as part of the busybox retrieves the password from the shadow file using the getspnam function. It then performs a crypt operation on the password retrieved from the user and checks if the password is correct or incorrect using strcmp. However, the /etc/shadow file is part of a CRAM-FS filesystem, which means the user cannot change the password. A hardcoded hash in /etc/shadow is used to match the credentials provided by the user, which is a salted hash of the string "admin" and acts as a password to the device.

Recommendations For D-Link DCS-1100, consider disabling the telnet daemon until a patch is available. For D-Link DCS-1130, consider disabling the telnet daemon until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.