VYPR
Unrated severity · NVD Advisory · Published Oct 25, 2019 · Updated Aug 6, 2024

CVE-2013-4855

Description

D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

D-Link DIR-865L SMB service misconfiguration allows symbolic link traversal, enabling local attackers to read or write files outside the Samba share.

Vulnerability

The D-Link DIR-865L router ships with an SMB (Samba) service that is misconfigured to allow symbolic links to be created that point to locations outside the designated Samba share [1]. This symlink traversal vulnerability permits a local attacker with access to the SMB share to escape the share boundary. The affected model is the D-Link DIR-865L; specific firmware versions are not disclosed in the available references.

Exploitation

An attacker must be on the local network and have credentials or the ability to mount the SMB share. Once connected, the attacker can create a symbolic link within the share that points to an arbitrary directory on the filesystem (e.g., /etc or /var). Accessing the symlink then allows reading or writing files outside the intended share. No authentication bypass is required beyond normal SMB access.

Impact

Successful exploitation allows a local attacker to read sensitive files (e.g., configuration, password hashes) and potentially write arbitrary files, which could lead to full compromise of the router's configuration or operating system. The attacker gains the ability to modify system files, enabling a persistent backdoor or redirection of network traffic.

Mitigation

As of the publication date (October 2019), no firmware update has been identified in the available references that addresses this vulnerability [1]. Users are advised to disable the SMB service on the router if it is not required, or restrict SMB access to trusted IP addresses via firewall rules. Segmenting the router's management interface from the user network can also reduce exposure.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

3