Back Door in D-Link Routers

fapvps

New Member
Verified Provider
That is just wrong. I'm sure there are people out there that enable the admin interface on a wan for remote administration with ssl and a secure password. Now there are so many D-Link devices out there that are easy targets.
 

drmike

100% Tier-1 Gogent
Wonder what D-links explanation is about this and existence of the code?

Glad I've long avoided D-Link and thought of them as garbage.   This kind of confirms my lurking suspicion about them.   Look at this wifi solution for $20.

Trendnet and others now need torn down by researchers.

Long live the open source alt firmwares!
 

Raymii

New Member
It's not just D-Link. And it is not always intentionally, look at the recent Transcend Wifi SD card hacking. A lot of those small embedded devices run either old vulnerable software and never get updated or have plain backdoors in them.

Lets just hope my DD-WRT routers and my Pfsense firewalls do better...
 

Raymii

New Member
D-Link has already mentioned that they are currently working on a fix, and those who are keeping a keen eye out on the situation will be able to download the firmware here. Apart from that, D-Link also advised as follows, “As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number.
http://www.ubergizmo.com/2013/10/d-link-to-close-back-door-to-its-routers/
 
Last edited by a moderator:

jarland

The ocean is digital
Vulnerabilities happen. Accidents happen. To code in a bypass if user agent matches a string? That's not an accident. Sounds like malicious intent from the developer to me.
 

Increhost

New Member
Verified Provider
http://www.devttys0.com/blog/ is so good, the "Reverse Engineering Serial Ports"  tutorials

are great, once read, I just couldn't stop opening router's, NAS's and any piece of

hardware that came aroud to discover where the hidden serial/uart port is.

So fun !  :)
 
Top