D-Link Router Backdoor Vulnerability Leaves System Settings Wide Open
If your browser sends a certain user agent string, the router’s authentication process is bypassed, and you can then access or change any of the router’s settings. For obvious reasons, this is a serious security problem.
“This is performing a strcmp between the string pointer at offset 0xD0 inside the http_request_t structure and the string ‘xmlset_roodkcableoj28840ybtide’; if the strings match, the check_login function call is skipped and alpha_auth_check returns 1 (authentication OK),” wrote Craig.
He discovered the vulnerability in firmware update v.1.13, which he says likely affects the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 D-Link routers as well as two Planex router models, the BRL-04UR and BRL-04CW.
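Because the bypass depends on a fixed User-Agent value, requests that carry it can be found in HTTP logs. The following is an added example, not code from the original article or from D-Link; it assumes Combined Log Format lines from a proxy or sensor in front of the router, and the sample lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict

# User-Agent value quoted in the article. The firmware uses strcmp, so only an
# exact, case-sensitive match skips check_login.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Assumed input: Combined Log Format lines from a proxy or sensor in front of the router.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"\s*$')

def classify(ua):
    """'exact' for the bypass value, 'variant' for near misses, else None."""
    if ua == BACKDOOR_UA:
        return "exact"
    if BACKDOOR_UA.lower() in ua.lower():
        return "variant"  # re-cased or padded probe; the strcmp would reject it
    return None

def scan(lines):
    """Group suspicious requests by source IP; count lines that do not parse."""
    hits, unparsed = defaultdict(list), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        kind = classify(m["ua"])
        if kind:
            hits[m["ip"]].append((kind, m["time"], m["request"], m["status"]))
    return dict(hits), unparsed

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2014:09:12:01 +0000] "GET / HTTP/1.1" 401 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [01/Jan/2014:09:13:44 +0000] "GET / HTTP/1.1" 200 2048 "-" "xmlset_roodkcableoj28840ybtide"',
    '198.51.100.7 - - [01/Jan/2014:09:13:52 +0000] "POST /settings HTTP/1.1" 200 310 "-" "xmlset_roodkcableoj28840ybtide"',
    '203.0.113.5 - - [01/Jan/2014:09:20:03 +0000] "GET / HTTP/1.1" 401 512 "-" "XMLSET_ROODKCABLEOJ28840YBTIDE/1.0"',
    "truncated line without quotes",
]

if __name__ == "__main__":
    hits, unparsed = scan(SAMPLE)
    for ip, events in hits.items():
        for kind, time, request, status in events:
            print(f"{ip} {kind:7} [{time}] {request} -> {status}")
    print(f"unparsed lines: {unparsed}")
```

An "exact" hit that returned a 200 on a management page is the case to investigate first; "variant" hits indicate scanning that the string comparison would not have accepted.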