Serious Security Problem with D-Link Routers

Serious Security Problem with D-Link Routers

A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance.

Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability. Heffner wrote on his blog that the web interface for some D-Link routers could be accessed if a browser’s user agent string is set to “xmlset_roodkcableoj28840ybtide.–InfoWorld.com

UPDATE:

D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.

The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.–

…D-Link will release firmware updates to address the vulnerability in affected routers by the end of October, the networking equipment manufacturer said via email.

The updates will be listed on a security page on the D-Link website and in the download section of the support page for each affected product.
PC World

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles