D-Link’s Central Wifi-Manager Seems To Be Vulnerable To Privilege Escalation Attacks Through Trojan File

D-Link’s Central Wifi-Manager is quite a nifty tool. It’s a web-based wireless Access Point management tool that lets you create and manage multi-site, multi-tenancy wireless networks, whether deployed on a local computer or hosted in the cloud. But it seems there might have been a security issue with the software.

D-Link’s Central Wifi Manager
Source – D-Link

The D-Link Wifi-Manager software is susceptible to privilege escalation attacks through a trojan file. Privilege escalation attacks are quite common, and they take advantage of flaws in code design. These exploits give the attacker higher authority than intended. Here, devices with Central WiFiManager CWM-100 1.03 r0098 load the trojan “quserex.dll” and create a new thread running with system integrity. This gives the attacker complete freedom to run any malicious code as SYSTEM. An attacker just has to make a 32-bit DLL file named “quserex.dll” (the trojan), place it in the same directory as “CaptivelPortal.exe”, and then restart the “CaptivelPortal” service.

DLL (Dynamic Link Library) files are executable files, which makes them quite susceptible to attacks. If a function in a DLL is replaced with a version that contains both the original function and malicious code, then calling that function will also trigger the trojan payload.
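A defender can check a host for the two conditions described above: a “quserex.dll” sitting next to the service binary, and a service directory that non-administrative accounts can write to. The script below is an added example, not code from D-Link or the original report; the service and DLL names come from the article, while the list of trusted SIDs and the write-access mask are assumptions of this example.

```powershell
# Added example: audit a Windows service directory for DLL planting exposure.
# Service and DLL names are the ones reported in the article.
param(
    [string]$ServiceName = 'CaptivelPortal',
    [string]$DllName     = 'quserex.dll'
)

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this host." }

# PathName may be quoted and may carry arguments; keep only the .exe path.
if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') { throw "Cannot parse: $($svc.PathName)" }
$dir = Split-Path -Parent $Matches[1]
"Service account: $($svc.StartName)   directory: $dir"

# 1. Is a DLL with the reported name present beside the service binary?
$dll = Join-Path $dir $DllName
if (Test-Path -LiteralPath $dll) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $dll
    $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    "REVIEW: $dll exists  signature=$($sig.Status)  sha256=$hash"
} else {
    "No $DllName in the service directory."
}

# 2. Can anyone other than trusted principals create files in that directory?
# Assumption: SYSTEM, Administrators and TrustedInstaller are the trusted set.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# WriteData/CreateFiles (0x2), GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000)
$mask = 0x2 -bor 0x40000000 -bor 0x10000000

$acl   = Get-Acl -LiteralPath $dir
$risky = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.PropagationFlags -notmatch 'InheritOnly' -and   # ACE must apply to the folder itself
        ([int]$_.FileSystemRights -band $mask) -and
        $_.IdentityReference.Value -notin $trusted
    }

if ($risky) {
    "EXPOSED: these principals can create files in ${dir}:"
    foreach ($ace in $risky) {
        $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $ace.IdentityReference.Value }
        "  $name : $($ace.FileSystemRights)"
    }
} else { "Only SYSTEM, Administrators or TrustedInstaller can write to $dir." }
```

Run it from an elevated PowerShell session on the machine hosting Central WiFiManager; any “REVIEW” or “EXPOSED” line means the file or the directory permissions should be examined before the service is restarted.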

D-Link was notified about this issue on August 8th and acknowledged it. D-Link started fixing the bug in September and promised to offer a fix by 31st October. This article was sourced from here, where this was originally reported.

This is quite a severe vulnerability, considering the use case of the Central Wifi-Manager software. There were also previous reports of other exploits pertaining to remote code execution, which were then fixed. Consequently, D-Link has probably patched this exploit before it went public on 8th November, so there doesn’t seem to be any immediate threat for users of the software.