
Backdoor to D-Link routers


1 reply to this topic

#1 myrti


Posted 13 October 2013 - 10:24 AM

Hi,

Reverse engineering of the latest firmware update from D-Link showed that it allows root-access to the configuration interface of (some of) their routers without authentication if you access them with the correct user-agent set in your browser. Handy, no?

The full analysis can be found here: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

The following D-Link devices are likely affected:
  • DIR-100
  • DI-524
  • DI-524UP
  • DI-604S
  • DI-604UP
  • DI-604+
  • TM-G5240
Additionally, several Planex routers also appear to use the same firmware:
  • BRL-04UR
  • BRL-04CW
regards
myrti

EDIT: And for some extra fun and giggles, try reading the user-agent backwards.

Edited by myrti, 13 October 2013 - 10:35 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#2 rotor123


Posted 13 October 2013 - 10:56 AM

I had one of the affected Routers in use previously.

I was having a weird problem with one wireless connection. It was definitely at the router end.

I wonder if it was related to that Backdoor.

I've since switched to an 802.11ac Router and USB wireless Dual Band setup and now get all the speed I'm paying for on the 5GHz band. The 2.4GHz band Internet speed is only in the 30Mbps area, one quarter (1/4) of the Internet speed on the 5GHz band. Probably congestion.

Thank You for posting the Warning. I may just Bin the D-Link router, rather than keep it as a spare just in case.

Roger


Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide
