D-Link issues fixes for firmware backdoor in routers
If remote management is enabled, an attacker could change a router's settings and steal information
IDG News Service - D-Link published patches on Monday for a firmware coding goof that could allow attackers to remotely change the settings of several of its router models.
Craig Heffner, a vulnerability researcher who specializes in wireless and embedded systems, wrote on Oct. 12 that the web interface for some D-Link routers could be accessed remotely by setting a browser's user agent string to "xmlset_roodkcableoj28840ybtide."
The string suggests a backdoor was intentionally inserted into the firmware. Read in reverse, the value reads in part "edit by 04882 joel backdoor."
The patches are for D-Link router models DIR-100, DIR-120, DI-524, DI-524UP, DI-604UP, DI-604+, DI-624S and the TM-G5240. Some devices made by Planex and Alpha Networks may also be vulnerable, D-Link said, presumably because they use the same firmware.
The flaw can be exploited if the routers have a remote management feature enabled. Remote management is disabled by default on all routers, D-Link said, but is included for "customer care troubleshooting."
The vulnerability, contained in the firmware shipped with the routers, could be used to change settings and steal information.
D-Link said after the flaw was discovered it would publish fixes by the end of October. It was unclear from its advisory what caused the delay.
Heffner wrote that the problem may have been discovered long ago by someone else. He found the particular user agent string that unlocks the Web interface on a Russian forum three years ago.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Malware and Vulnerabilities White Papers | Webcasts