D-Link Router Security Problem

D-Link Router Security Problem

UPDATE:

On Nov. 28, D-Link released a series of updates to fix the problem. Updates are available for the following models:

DI-524
DI-524UP
DIR-100
DIR-120
DI-604UP
DI-604+
DI-624S
TM-G5240

http://krebsonsecurity.com/2013/12/important-security-update-for-d-link-routers/

OCTOBER 2013:

A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance.

Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability. Heffner wrote on his blog that the web interface for some D-Link routers could be accessed if a browser’s user agent string is set to “xmlset_roodkcableoj28840ybtide.–InfoWorld.com

D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.

The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.–

…D-Link will release firmware updates to address the vulnerability in affected routers by the end of October, the networking equipment manufacturer said via email.

The updates will be listed on a security page on the D-Link website and in the download section of the support page for each affected product.
PC World

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles