Vulnerability found in D-Link routers allows unrestricted access to configuration page

A frightening new vulnerability has been discovered in D-Link's older routers. Discovered by /dev/ttyS0, a website dedicated to embedded device hacking,

A frightening new vulnerability has been discovered in D-Link's older routers. Discovered by /dev/ttyS0, a website dedicated to embedded device hacking, the vulnerability could potentially let anyone get access to one's router configurations. It was discovered when one of the writers at /dev/ttyS0 reverse-engineered a firmware update that was released by D-Link.

The vulnerability allows a potential hacker to get full access to the router's configuration page, even if the hacker doesn't know the username or password for it. This is achieved by setting your browser's user-agent to a certain string. With this, the modem skips authentication, and simply logs you in to the router.

The DIR-100 is one of the affected routers

The DIR-100 is one of the affected routers

 

To quote the website, "In other words, if your browser’s user agent string is “xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web interface without any authentication and view/change the device settings."

The only caveat is that the hacker has to be connected to the router, either through Wi-Fi or Ethernet. Other than this, there is no way to protect yourself from this vulnerability. The most secure thing you can do in case you use one of these routers is to get a newer, more modern and secure router.

The routers affected by this are DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240. The firmware with the vulnerability is numbered at 1.13. The routers, thankfully, are at the end of their life cycle. Pretty soon, they won't be available for purchase. However, if you already own one of these, it is worth noting that future support from D-Link is unlikely.

Loading...




Top Stories


also see

science