DLink backdoor

0xDC
11 years ago | edited 11 years ago

3

A security researcher of /dev/ttyS0 reverse engineered the firmware of a DLink DIR-100. He found it was possible to gain access to the administrative interface of this device by changing the browser’s user-agent to “xmlset_roodkcableoj28840ybtide” (without the quotes).

Read more here. It is also believed that this works on other DLink models as well.

If you own a DLink router, please test this and report the model number in this thread.

Thanks!
0xDC

Here’s a list of affected models:

DLink

DIR-100
DI-524
DI-524UP
DI-604S
DI-604UP
DI-604+
TM-G5240

Planex
Planex routers also seem to use the same firmware.

BRL-04UR
BRL-04CW

3replies
4voices
172views
daMage
11 years ago

0

An interesting article, to say the least. Thanks for the link (and info) ;)

CygnusH33L
11 years ago

0

DLink have released firmware updates for this now http://thehackernews.com/2013/12/d-link-releases-router-firmware-updates.html
just seen it on twitter and thought I’ve seen this somewhere before, guessed it was here :)

Pete Maynard [Osaka]
11 years ago

0

You can find some routers through shodan with a little bit of research.

You must be logged in to reply to this discussion. Login
1 of 4

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss