[News] D-Link publishes patches for backdoor flaw on its routers
D-Link has finally published patches for the router models affected by a firmware hack which could allow attackers to remotely access their settings. The “backdoor” issue was found by a vulnerability researcher, Craig Heffner, who said on his blog that the web interface for some D-Link routers could be accessed remotely by setting the browser’s user agent to the following string: “xmlset_roodkcableoj28840ybtide”. If you read that string in reverse, it would say: “edit by 04882 joel backdoor”.
This flaw can only be exploited if the affected D-Link routers have the Remote Management feature enabled. D-Link has said that Remote Management is set to “off” by default, but it is normally turned on for “customer care troubleshooting”.
The following are the model numbers for the affected D-Link routers:
DIR-100, DIR-120, DI-524, DI-524UP, DI-604UP, DI-604+, DI-624S and the TM-G5240. Some devices made by Planex and Alpha Networks may also be vulnerable, D-Link said, probably because they use the same firmware.
When it was notified of the flaw (sometime around the middle of October 2013), D-Link said that it would have a fix in place by the end of October, but it is now the beginning of December, so we are not sure what may have caused the extra delay in publishing the patches for this flaw.
In any case, the flaw should now be fixed if you have applied the patch.
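If you log HTTP traffic in front of an affected router, you can check whether anyone has sent the user agent string described above. The following is an added example, not code from D-Link or the researcher: it scans Combined Log Format lines for that string. The sample log lines, the addresses in them and the rule that a 2xx status means the page was served are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# User-Agent value quoted in the article above.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Combined Log Format: src ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Dec/2013:10:14:01 +1300] "GET / HTTP/1.1" 401 120 "-" "Mozilla/5.0 (Windows NT 6.1)"
203.0.113.45 - - [02/Dec/2013:10:15:22 +1300] "GET / HTTP/1.1" 200 5120 "-" "xmlset_roodkcableoj28840ybtide"
203.0.113.45 - - [02/Dec/2013:10:15:40 +1300] "GET /status HTTP/1.1" 200 310 "-" "xmlset_roodkcableoj28840ybtide"
192.0.2.10 - - [02/Dec/2013:10:16:03 +1300] "GET / HTTP/1.1" 401 120 "-" "XMLSET_ROODKCABLEOJ28840YBTIDE "
malformed line without the expected fields
"""

def find_backdoor_requests(log_text):
    """Return (hits grouped by source address, count of unparsable lines)."""
    hits = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            unparsed += 1          # keep count so gaps in coverage are visible
            continue
        # Normalise case and padding so near-miss attempts are surfaced too.
        if m["ua"].strip().lower() != BACKDOOR_UA:
            continue
        hits[m["src"]].append({
            "time": m["time"],
            "request": m["request"],
            "status": int(m["status"]),
            # Assumption: a 2xx reply means the device served the page.
            "served": m["status"].startswith("2"),
        })
    return dict(hits), unparsed

if __name__ == "__main__":
    hits, unparsed = find_backdoor_requests(SAMPLE_LOG)
    for src, reqs in hits.items():
        served = sum(r["served"] for r in reqs)
        print(f"{src}: {len(reqs)} request(s) with backdoor UA, {served} served")
    print(f"unparsed lines: {unparsed}")
```

Any source address that appears with served requests should be treated as having reached the router's settings, and the router patched and its configuration reviewed.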