D-Link upgrades its firmware to fix backdoor presence

9:30 ET, 5 December 2013

D-Link company has recently released a new version of firmware to fix backdoor vulnerability in various network device models.

Last October the security expert Craig Heffner discovered a backdoor inside different D-Link routers. Craig published an interesting blog post on “/dev/ttyS0″ on the reverse engineering of the backdoor (CVE-2013-6027) present in many D-Link devices, it described how an attacker was able to alter a router setting by passing the authentication mechanism.

Craig reverse engineered the D-Link Backdoor, discovering that if attacker browser user agent string is xmlset_roodkcableoj28840ybtide, he can access the web interface of the D-Link device bypassing authentication procedure and view/change the device settings.

Reading the string xmlset_roodkcableoj28840ybtide backwards it appears as “Edit by 04882 joel backdoor“.

Last week, D-Link has issued a new release of firmware for the vulnerable router models, the new software includes a fix to prevent unauthorized administrator access. D-Link has released the updates for the following models:

  • DIR-100
  • DIR-120
  • DI-524
  • DI-524UP
  • DI-604UP
  • DI-604+
  • DI-624S
  • TM-G5240

dlink

 

The security advisory issued by D-Link suggests users to do not enable the Remote Management feature to avoid being a victim of a cyber attack that exploits the backdoor.  Below the recommendation provided by the D-Link Company to its customers:

  • Do not enable the Remote Management feature since this will allow malicious users to use this exploit from the internet.  Remote Management is default disabled on all D-Link Routers and is included in customer care troubleshooting if useful and the customer enables it.
  • If you receive unsolicited e-mails that relates to security vulnerabilities and prompt you to action, please ignore it. When you click on links in such e-mails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.
  • Make sure that your wireless network is secure.

If you are interested to find vulnerable devices within your organization you can use the NMAP script written in Python and published on pastebin.

Pierluigi Paganini

(Security Affairs –  Backdoor, D-Link)
rsa-logo

 

 

 

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X