D-Link Router Backdoor Vulnerability Leaves System Settings Wide Open

A hacker (“Craig”) on a site devoted to embedded device hacking posted a lengthy entry detailing how he, on a whim and armed with boredom and too much Shasta cola, reverse-engineered a firmware update and found a backdoor to certain D-Link routers that allows one to access the devices’ web interface by bypassing authentication.

Once you’ve bypassed the authentication process, you can change or access any of the router’s settings. For obvious reasons, this is a serious security problem. This happens if your browser has a certain user agent string.

D-Link router backdoor

“This is performing a strcmp between the string pointer at offset 0xD0 inside the http_request_t structure and the string ‘xmlset_roodkcableoj28840ybtide’; if the strings match, the check_login function call is skipped and alpha_auth_check returns 1 (authentication OK),” wrote Craig.

He discovered the vulnerability in firmware update v.1.13, which he says likely affects the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 D-Link routers as well as two Planex router models, the BRL-04UR and BRL-04CW.
Via:  devttys0
Comments
thunderdan602 one year ago

Yikes. Glad my D-link router is not on the list. I wonder if D-link will fix the vulnerability or shrug it off.

digitaldd one year ago

Looking at the screen grab of the web interface on these old 802.11G routers i wonder if they even still sell these? and if not then they definitely won't be supporting them. 

8 months ago

I'm using a router D-link, and i often broken network....

http://www.brazilianhair.ca/

Post a Comment
or Register to comment