D-Link To Patches Router Back-Door Vulnerability
Gabriel Roşu / 4 years ago
A patch has finally been released by D-Link for a serious security vulnerability in selected models of router, following the discovery of an easily accessed back-door to the router menu.
It was first discovered by researcher Craif Heffner back in October, where Heffner saw the ‘xmlset_roodkcableoj28840ybtide’ which contains the backwards plain-text string ‘edit by 04882 joel backdoor’, as your browser’s user agent bypassed the router’s requirement for a username and password to access the configuration menu. Pretty scary as well as intriguing at the same time.
D-Link has admitted that the discovery was real but defended the practice stating that it was used by technical service engineers to retrieve router information in cases where the routers’ firmware crashed.
“The so-called back-door was implemented in these six older products as a failsafe for D-Link technical repair service to retrieve router settings for customers in case of firmware crashes that would result in lost configuration information,” a company spokesperson claimed via email at the time. ‘Nonetheless, the new firmware updates will respectively revoke any failsafe opportunity.”
Users who still run the affected routers, which are models DIR-100, DIR-120, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, DI-624S, and TM-G5240, it is a relief to know that the company has finally released updated firmware files which remove the hard-coded back-door. D-Link reportedly promised a released date close to the end of October, but apparently hit something of a last-minute delay.
There are rumors that the DIR-615 model is also vulnerable to the flaw, but the rumor has been denied by D-Link with no firmware update planned for that device. Though users of the latter model should be cautions nonetheless.
Thank you Bit-Tech for providing us with this information