FortiDAST
FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
rdiwakar
Staff
Staff
Article Id 321035
Description

This outbreak alert on D-Link covers three vulnerability that is CVE-2024-3273, CVE-2021-40655 and CVE-2014-100005.

 

CVE-2024-3273 is a critical security vulnerability found in certain D-Link NAS devices. It allows remote attackers to execute arbitrary commands on the device, potentially giving them complete control over it.

 

CVE-2021-40655 is a security vulnerability that affects specific D-Link routers (D-LINK-DIR-605 B2 Firmware Version : 2.01MT) and allows attackers to steal sensitive information. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page.

 

CVE-2014-100005 is a critical vulnerability that affects older D-Link DIR-600 routers (revision Bx) with firmware versions before 2.17b02. It allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

 

This article describes the assessment of command injection, information disclosure and CSRF vulnerability in D-Link software.

Scope FortiDAST Scripting Engine updated in version 24.1.0-build012(GA)
Solution

Detection against that vulnerability is empowered by the FortiDAST Scripting Engine (FSE).

This technology enables FortiDAST to assess remotely with a high level of confidence if an asset is vulnerable to a specific vulnerability by testing the disarmed exploit against the asset itself.

 

To configure the scan, it will be necessary to enable the FSE group signature 'dlink' which will select the underlying script as per the scan requirement: ‘CVE-2024-3273-DLINK-NAS-Command-Injection-Vulnerability’, ‘CVE-2021-40655-DLINK-Information-Disclosure-Vulnerability’ and ‘CVE-2014-100005-DLINK-CSRF-Vulnerability.’

 

For reference, a step-by-step guide on how to configure FortiDAST to trigger FSE can be found on Fortinet’s blog:
https://www.fortinet.com/blog/business-and-technology/fortipentest-exploit-engine-a-new-security-ars...

Contributors