Jump to content

D-Link: Oops! We'll slam shut that router backdoor by end of month


Recommended Posts

D-Link: Oops! We'll slam shut that router backdoor by end of month

D-plan is for d-firmware to land on d-website

By Richard Chirgwin, 14th October 2013


D-Link has promised to close its routers' backdoors by Hallowe'en, following revelations that many of its consumer-grade devices accept unauthenticated access to its admin Web page.


As reported here yesterday, a researcher at /DEV/TTYS0 blog unpacked the firmware of a number of D-Link devices, finding that if a browser presented the correct user agent string to the internal administrative Web server, it would receive unauthenticated and unfettered access to the device's administration panel. From there, it would be a cinch to snoop on users' communications.


According to D-Link, the company is working on the fix now, and in a statement sent to The Register, the company said the firmware will be provided here.


The company also offered this advice:


“As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.”


In the meantime, users should ensure there's a strong Wi-Fi password on their kit, and should disable remote administrative access. ®


More Reading


SOURCE: http://www.theregister.co.uk/2013/10/14/dlink_plans_firmware_update_to_disable_dbackdoor/



Link to post
Share on other sites

Yep. Same thing with the WPS fiasco. Most users of these devices don't have a clue what firmware is or means. And how are these folks going to be made aware there is a problem ? Heh..


To be honest, I don't see a big interest in exploiting this flaw though, except from some little hackers out to have some fun, maybe. Those who have highly sensitive stuff on their home computers should know well enough to not activate remote administration anyway. But some will get caught with their pants down, it's inevitable..

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.