VU#813349: Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation

Overview

The software driver for D-Link DWA-117 AC600 MU-MIMO Wi-Fi USB Adapter contains a unquoted service path privilege escalation vulnerability. In certain conditions, this flaw can lead to a local privilege escalation.

Description

D-Link DWA-117 AC600 MU-MIMO is a Wi-Fi USB Adapter that enables Wi-Fi network accessible over USB. D-Link provides a software driver for Microsoft Windows operating system that enables proper operation of the device with the operating system. The latest software driver (as of Arpil 19, 2023) was found susceptible to an unquoted service path vulnerability. Given certain conditions are met, there is potential for a local privilege escalation allowing an attacker to escalate privileges to local administrative user.

The following conditions are required to trigger this bug
* The software is installed in a directory with a space in it. (The default settings for directory will work)
* An unprivileged user should have write access to the directory above the folder that contains the space in its name. (Typical default Windows user permissions is sufficient)

Impact

An attacker with low level access can execute code as the system account. The increased privileges allow for access to sensitive files and malicious modifications to the system.

Solution

D-Link has provided a patch that addresses the issue. Customers should update their driver to the latest version.

Acknowledgements

Thanks to @L1v1ng0ffTh3L4n for reporting the vulnerability.

This document was written by Kevin Stephens.

Vendor Information

One or more vendors are listed for this advisory. Please reference the full report for more information.

Other Information

CVE IDs:
Date Public: 2023-07-27
Date First Published: 2023-07-27
Date Last Updated: 2023-07-27 15:17 UTC
Document Revision: 1

Source: https://kb.cert.org/vuls/id/813349