D-Link Router Backdoor Vulnerability Leaves System Settings Wide Open

rated by 0 users
This post has 3 Replies | 0 Followers

Top 10 Contributor
Posts 26,733
Points 1,209,535
Joined: Sep 2007
News Posted: Mon, Oct 14 2013 12:22 PM
A hacker (“Craig”) on a site devoted to embedded device hacking posted a lengthy entry detailing how he, on a whim and armed with boredom and too much Shasta cola, reverse-engineered a firmware update and found a backdoor to certain D-Link routers that allows one to access the devices’ web interface by bypassing authentication.

Once you’ve bypassed the authentication process, you can change or access any of the router’s settings. For obvious reasons, this is a serious security problem. This happens if your browser has a certain user agent string.

D-Link router backdoor

“This is performing a strcmp between the string pointer at offset 0xD0 inside the http_request_t structure and the string ‘xmlset_roodkcableoj28840ybtide’; if the strings match, the check_login function call is skipped and alpha_auth_check returns 1 (authentication OK),” wrote Craig.

He discovered the vulnerability in firmware update v.1.13, which he says likely affects the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 D-Link routers as well as two Planex router models, the BRL-04UR and BRL-04CW.
  • | Post Points: 65
Top 200 Contributor
Posts 361
Points 2,580
Joined: Sep 2011

Yikes. Glad my D-link router is not on the list. I wonder if D-link will fix the vulnerability or shrug it off.

  • | Post Points: 5
Top 50 Contributor
Posts 2,929
Points 24,760
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Wed, Oct 16 2013 10:07 AM

Looking at the screen grab of the web interface on these old 802.11G routers i wonder if they even still sell these? and if not then they definitely won't be supporting them. 

  • | Post Points: 5
replied on Tue, Apr 15 2014 5:01 AM

I'm using a router D-link, and i often broken network....


  • | Post Points: 5
Page 1 of 1 (4 items) | RSS