By the end of this month, D-Link plans to address a security problem affecting some models of its routers. The fix is important because the issue lets attackers modify settings on the device without providing the correct username and password.
The problem is a backdoor-type function built into the firmware of the identified D-Link routers. Attackers could use that weakness to bypass the usual authentication procedure on the web-based user interface.
The company has identified the affected router models: DIR-100, DIR-615, DI-524, DI-524UP, TM-G5240, DI-604S, DI-604UP, and DI-604+. D-Link will also apply the fixes to some of its routers that were manufactured by Planex Communications, because those use similar firmware and could also be vulnerable.
Discovery and reporting
Craig Heffner, a vulnerability researcher from Tactical Network Solutions, discovered and reported the problem. Heffner revealed that attackers could access the web interface without authentication, and change device settings, when the browser's user agent string is set to: xmlset_roodkcableoj28840ybtide.
The name comes from the last part of that hard-coded value. Read in reverse, it spells: edit by 04882 joel backdoor. That is why the problem is often referred to as ‘router backdoor.’
The risk of unauthorized access is higher for routers that are configured for remote management and have their Web administration interface exposed online.
Even if the interface is accessible only from the internal network, the backdoor could still pose a serious threat. Visitors who connect to the wireless network, or malware running on a PC or other device within the network, could exploit it to make unauthorized changes to the router’s configuration.
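An added detection example, not from the original article or from D-Link: it scans HTTP logs for the user agent string described above and records whether each request came from the LAN or from outside, the two exposure cases just discussed. The Zeek-style JSON field names, the sample records and the function names are assumptions made for illustration.

```python
import ipaddress
import json

# User agent string this article reports as bypassing authentication.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"
# RFC 1918 ranges, used to tell LAN clients from internet sources.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real traffic); one damaged line included.
SAMPLE_LOG = """\
{"id.orig_h": "192.168.0.23", "id.resp_h": "192.168.0.1", "user_agent": "Mozilla/5.0", "status_code": 401}
{"id.orig_h": "192.168.0.57", "id.resp_h": "192.168.0.1", "user_agent": "xmlset_roodkcableoj28840ybtide", "status_code": 200}
{"id.orig_h": "203.0.113.9", "id.resp_h": "192.168.0.1", "user_agent": " XMLSET_roodkcableoj28840ybtide", "status_code": 200}
{"id.orig_h": "192.168.0.57", "user_agent": "xmlset_roo
"""

def is_lan(addr):
    """True if addr parses as an IP address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)

def find_backdoor_requests(log_text):
    """Return one finding per logged request carrying the backdoor user agent."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the hunt
        if not isinstance(rec, dict):
            continue
        ua = str(rec.get("user_agent", ""))
        # Normalise so padded or re-cased variants still surface for review.
        if BACKDOOR_UA not in ua.strip().casefold():
            continue
        status = rec.get("status_code")
        findings.append({
            "line": lineno,
            "src": rec.get("id.orig_h"),
            "dst": rec.get("id.resp_h"),
            "exact": ua == BACKDOOR_UA,
            "source": "lan" if is_lan(rec.get("id.orig_h", "")) else "external",
            # Heuristic: a 2xx/3xx reply suggests the device served the request.
            "accepted": isinstance(status, int) and 200 <= status < 400,
        })
    return findings
```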
D-Link will release firmware updates in the coming weeks to address the identified vulnerability in affected routers. Those updates will be listed on the security page of the networking equipment firm’s website. Helpful information will also appear in the download section of each affected model’s support page.
The company also issued one final piece of advice to users of affected routers. It asked them to make sure a Wi-Fi password is always enabled and that remote access is disabled. D-Link also asks users to ignore unsolicited emails relating to security vulnerabilities that prompt them to take action.