The Broadband Guide
search advanced

Backdoor found in D-Link router firmware code

2013-10-14 09:16 by
Tags: , ,


A new vulnerability has been discovered in D-Link's older routers. The vulnerability was discovered by /dev/ttyS0, a website dedicated to embedded device hacking, when Craig Heffner, one of its writers reverse engineered a firmware update from D-Link.

The vulnerability allows a potential hacker to get full access to the router's configuration page, even if the hacker doesn't know the username or password for it. This is achieved by setting your browser's user-agent to a certain string. With this, the modem skips authentication, and simply logs you in to the router.

"My guess is that the developers realized that some programs/services needed to be able to change the device's settings automatically," Heffner wrote. "Realizing that the web server already had all the code to change these settings, they decided to just send requests to the web server whenever they needed to change something.

"The only problem was that the web server required a username and password, which the end user could change. Then, in a eureka moment, Joel jumped up and said, 'Don't worry, for I have a cunning plan'!"

The affected models include: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240. The same firmware is also used in the BRL-04UR and BRL-04CW routers made by Planex, Heffner wrote.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About