Back Door in D-Link Routers

raindog308 · Oct 14, 2013

http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/

I think you'd have to be a bit daffy to expose your admin interface over the WAN port - I don't know about D-Link's native firmware, but Tomato, DD-WRT, OpenWRT, etc. will let you turn it off.

But even still...

fapvps · Oct 14, 2013

That is just wrong. I'm sure there are people out there that enable the admin interface on a wan for remote administration with ssl and a secure password. Now there are so many D-Link devices out there that are easy targets.

drmike · Oct 15, 2013

Wonder what D-links explanation is about this and existence of the code?

Glad I've long avoided D-Link and thought of them as garbage. This kind of confirms my lurking suspicion about them. Look at this wifi solution for $20.

Trendnet and others now need torn down by researchers.

Long live the open source alt firmwares!

Raymii · Oct 15, 2013

It's not just D-Link. And it is not always intentionally, look at the recent Transcend Wifi SD card hacking. A lot of those small embedded devices run either old vulnerable software and never get updated or have plain backdoors in them.

Lets just hope my DD-WRT routers and my Pfsense firewalls do better...

Raymii · Oct 15, 2013

D-Link has already mentioned that they are currently working on a fix, and those who are keeping a keen eye out on the situation will be able to download the firmware here. Apart from that, D-Link also advised as follows, “As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number.

http://www.ubergizmo.com/2013/10/d-link-to-close-back-door-to-its-routers/

jarland · Oct 15, 2013

Vulnerabilities happen. Accidents happen. To code in a bypass if user agent matches a string? That's not an accident. Sounds like malicious intent from the developer to me.

Increhost · Oct 15, 2013

http://www.devttys0.com/blog/ is so good, the "Reverse Engineering Serial Ports" tutorials

are great, once read, I just couldn't stop opening router's, NAS's and any piece of

hardware that came aroud to discover where the hidden serial/uart port is.

So fun !

Back Door in D-Link Routers

raindog308

vpsBoard Premium Member

fapvps

New Member

drmike

100% Tier-1 Gogent

Raymii

New Member

Raymii

New Member

jarland

The ocean is digital

Increhost

New Member