D-Link has resolved an authentication bypass flaw in one of its enterprise switches.
Flaws in the vendor's DGS-1510 enterprise switch kit, discovered by security researcher Varang Amin, were resolved with a firmware update (PDF advisory here). Left unresolved, the security bug can create an unauthenticated command bypass and presents an unauthenticated information disclosure risk.
"A remote attacker can exploit the authentication bypass vulnerabilities to execute remote and local commands on the D-Link enterprise switch," Amin told El Reg.
D-Link's advisory on the CVE-2017-6206 vulnerability can be found here.
The DGS-1510 Websmart switch series firmware has been found to have security vulnerabilities. The vulnerabilities include unauthenticated command bypass and unauthenticated information disclosure.
D-Link released the patch as a beta, but the range of attacks possible on unpatched systems, as outlined by Amin, makes it a candidate for immediate update rather than one to keep on the bench.
A variety of potential exploits would be possible on vulnerable switches, including extracting configuration files containing network information or adding a new admin account before taking full control of the switch, claimed Amin.
"The vulnerability can be exploited from any remote location on the internet," Amin added. "The PoC highlights that fact. We have found dozens of these systems available on the internet but we do not have exact numbers as we did not conduct any specific tests to obtain the numbers."
DGS Enterprise Switch 1510 series is a piece of enterprise-grade kit.
Amin and his colleagues plan to make the PoC code they have developed available for penetration testers and researchers for use during assessments or in follow-up research into the security of embedded devices.