D-Link issues fixes for firmware backdoor in routers

ID: IRCNE2013122031
Date: 2013-12-03

According to "techworld", D-Link published patches on Monday for a firmware coding goof that could allow attackers to remotely change the settings of several of its router models.
Craig Heffner, a vulnerability researcher who specializes in wireless and embedded systems, wrote on Oct. 12 that the web interface for some D-Link routers could be accessed remotely by setting a browser's user agent string to "xmlset_roodkcableoj28840ybtide".
The string suggests a backdoor was intentionally inserted into the firmware. Reversed, the value reads in part "edit by 04882 joel backdoor."
The patches are for D-Link router models DIR-100, DIR-120, DI-524, DI-524UP, DI-604UP, DI-604+, DI-624S and the TM-G5240. Some devices made by Planex and Alpha Networks may also be vulnerable, D-Link said, presumably because they use the same firmware.
The flaw can be exploited if the routers have a remote management feature enabled. Remote management is disabled by default on all routers, D-Link said, but is included for "customer care troubleshooting."
The vulnerability, contained in the firmware shipped with the routers, could be used to change settings and steal information.

Related Link:
New security holes found in D-Link router
