D-Link company has recently released a new version of firmware to fix backdoor vulnerability in various network device models.
Last October the security expert Craig Heffner discovered a backdoor inside different D-Link routers. Craig published an interesting blog post on “/dev/ttyS0″ on the reverse engineering of the backdoor (CVE-2013-6027)
present in many D-Link devices, it described how an attacker was able
to alter a router setting by passing the authentication mechanism.
Craig reverse engineered the D-Link Backdoor, discovering that if attacker browser user agent string is xmlset_roodkcableoj28840ybtide, he can access the web interface of the D-Link device bypassing authentication procedure and view/change the device settings.
Reading the string xmlset_roodkcableoj28840ybtide backwards it appears as “Edit by 04882 joel backdoor“.
Reading the string xmlset_roodkcableoj28840ybtide backwards it appears as “Edit by 04882 joel backdoor“.
Last week, D-Link has issued a new release of firmware for
the vulnerable router models, the new software includes a fix to
prevent unauthorized administrator access. D-Link has released the
updates for the following models:
- DIR-100
- DIR-120
- DI-524
- DI-524UP
- DI-604UP
- DI-604+
- DI-624S
- TM-G5240
- Do not enable the Remote Management feature since this will allow malicious users to use this exploit from the internet. Remote Management is default disabled on all D-Link Routers and is included in customer care troubleshooting if useful and the customer enables it.
- If you receive unsolicited e-mails that relates to security vulnerabilities and prompt you to action, please ignore it. When you click on links in such e-mails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.
- Make sure that your wireless network is secure.
No comments:
Post a Comment