Backdoor found in D-Link router firmware code2013-10-14 09:16 by Daniela
Tags: D-Link, security, backdoor
A new vulnerability has been discovered in D-Link's older routers. The vulnerability was discovered by /dev/ttyS0, a website dedicated to embedded device hacking, when Craig Heffner, one of its writers reverse engineered a firmware update from D-Link.
The vulnerability allows a potential hacker to get full access to the router's configuration page, even if the hacker doesn't know the username or password for it. This is achieved by setting your browser's user-agent to a certain string. With this, the modem skips authentication, and simply logs you in to the router.
The affected models include: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240. The same firmware is also used in the BRL-04UR and BRL-04CW routers made by Planex, Heffner wrote.
Read more -here-