SECURITY ALERT: Back door found in D-Link routers


ShyWriter
Back door found in D-Link routers

D-secret is D-logon string allowing access to everything

 

By Richard Chirgwin, 13th October 2013
 

A group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units' admin interfaces.
 
The flaw means an attacker could take over all of the user-controllable functions of the popular home routers, which includes the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240 units. According to the post on /DEV/TTYS0, a couple of Planex routers are also affected, since they use the same firmware.

A Binwalk extract of the DLink DIR-100 firmware revealed that an unauthenticated user needs only change their user agent string to xmlset_roodkcableoj28840ybtide to access the router's Web interface with no authentication.

 

The /DEV/TTYS0 researcher found the user agent string inside a bunch of code designed to run simple string comparisons. For one of those comparisons, “if the strings match, the check_login function call is skipped and alpha_auth_check returns 1 (authentication OK)”, the author notes.

 

Some commentards to that post claimed to have successfully tested the backdoor against devices visible to the Shodan device search engine.

 

The /DEV/TTYS0 author, Craig, says the backdoor exists in v1.13 of the DIR-100revA products.

 

At this point, there's no defence against the backdoor, so users are advised to disable WAN-port access to the administrative interfaces of affected products. ®

 

SOURCE: /http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor

 

/Steve
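
Added example, not part of the original post or the quoted article: a check for the user agent string named above in HTTP access logs. It assumes a proxy or network sensor in front of the router's admin interface writes Combined Log Format; the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# User-Agent value quoted in the article above.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Assumed format (Combined Log Format):
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def find_backdoor_requests(lines):
    """Return {source_ip: [(timestamp, request, status), ...]} for every
    request whose User-Agent contains the backdoor string."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in the assumed log format; skip
        # Case-insensitive substring match: deliberately broader than an
        # exact compare so padded or re-cased values still get reviewed.
        if BACKDOOR_UA in m["ua"].lower():
            hits[m["src"]].append((m["ts"], m["req"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2013:09:12:01 +0000] "GET / HTTP/1.1" 401 312 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [14/Oct/2013:09:13:44 +0000] "GET / HTTP/1.1" 200 5120 '
    '"-" "xmlset_roodkcableoj28840ybtide"',
    '203.0.113.25 - - [14/Oct/2013:09:15:02 +0000] "GET / HTTP/1.1" 200 5120 '
    '"-" "XMLSET_ROODKCABLEOJ28840YBTIDE"',
    'truncated line that does not parse',
]

if __name__ == "__main__":
    for src, events in find_backdoor_requests(SAMPLE_LOG).items():
        for ts, req, status in events:
            print(f"ALERT {src} [{ts}] {req!r} -> {status}")
```

A 200 response to a flagged request on an interface that normally answers 401 is the case to look at first.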


At this point, there's no defence against the backdoor, so users are advised to disable WAN-port access to the administrative interfaces of affected products. ®

 

If one reviews my Router related posts, I have always suggested disabling Router Management from the Internet POV (WAN).  It should ONLY be performed from the LAN side.


The WPS (Wi-Fi Protected Setup) flaws discovered last year (give or take) are just as serious as this, if not more. I had to update firmware on I can't remember how many Linksys routers when that story broke. It wasn't only Linksys routers that were affected. Turning WPS Off wasn't enough. How many routers are still out there, unpatched, with WPS used because that's how the setup wizard wants you to connect ? Sigh..


  • Root Admin

Not sure if it's dead or not.  I was in a hurry and didn't have time to play with it so I bought a new one a while back.  The wife wanted me to clean up a bit and I saw it and thought I'd take a look and see if I can bring it back to life or not.  As soon as I get a bit of free time I'll take a look at it.

 

Thanks Mark.


  • Root Admin

Ah heck it was actually pretty quick. Downloaded the firmware and installed it and voilà it's ALIVE again.

Not sure where I'll use it now but I'm sure I'll figure out some way to consume more electricity at home.  :o

 

 

http://www.dd-wrt.com/wiki/index.php/Main_Page

 

http://www.dd-wrt.com/site/support/router-database


Nice job Ron ! There goes my theory, up in smoke. I've probably sent three or four old units to the dumpster after they'd stopped working... without testing with new firmware. Oh well, guess I was ready for shiny new toys at that point (but don't tell anyone I like shiny new toys :D ).
