
Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet.
Discovered by Kaspersky Lab researchers, this backdoor grants an attacker access to the device's web panel, and there's no way in which device owners can disable this secret account.
The only way to protect devices from getting hacked is to avoid having the router expose its admin panel on the WAN interface, where it is reachable from anywhere on the Internet.
To prevent abuse, Kaspersky researchers have refrained from disclosing the backdoor's account username and password.

One other vulnerability can disclose Telnet credentials
The backdoor account (CVE-2018-6213) is just one of four vulnerabilities Kaspersky researchers found in the firmware of these devices following a recent security audit. The other three flaws include:
• CVE-2018-6211 - a flaw that lets attackers execute OS commands via one of the admin panel's URL parameters
• CVE-2018-6212 - a reflected cross-site scripting (XSS) vulnerability in the router's "Quick Search" admin panel field
Both CVE-2018-6210 and CVE-2018-6213 are considered dangerous flaws as they allow attackers easy access to the device.
Not that many devices left around to exploit
The good news is that D-Link DIR-620 devices are older router models and there aren't that many around to exploit.
Most of these devices were deployed by Russian, CIS, and Eastern European ISPs as on-premise equipment provided to broadband customers.
The vast majority of these devices are located in Russia, and Kaspersky said it already contacted ISPs to inform them of the issue.
Shodan searches for these devices reveal fewer than 100 DIR-620 routers available online, showing that most ISPs have heeded Kaspersky's warnings and restricted access to these devices on their networks.
D-Link won't release firmware updates for such an old device
Kaspersky experts said they've also contacted D-Link about the discovered issues, but the company said it did not intend to issue new firmware updates for such an old model unless one of the ISPs it has as an enterprise customer specifically requests a security update for these devices.
Researchers said they tested the following DIR-620 firmware versions and found that they included the four flaws, to varying degrees:
1.0.3
1.0.37
1.3.1
1.3.3
1.3.7
1.4.0
2.0.22
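
For an ISP or owner triaging deployed units, the version list and the WAN-exposure advice above can be combined into an inventory check. This is an added example, not code from Kaspersky, D-Link or the original article; the CSV columns, customer IDs and priority labels are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Firmware versions the article lists as tested and affected.
# Exact matching matters: "1.0.3" and "1.0.37" are different releases.
TESTED_AFFECTED = {"1.0.3", "1.0.37", "1.3.1", "1.3.3", "1.3.7", "1.4.0", "2.0.22"}

# Constructed sample inventory (hypothetical column names and customer IDs).
SAMPLE_INVENTORY = """\
customer_id,model,firmware,wan_admin
C-1001,DIR-620,v1.3.7,yes
C-1002,dir-620,2.0.22,no
C-1003,DIR-620,1.2.0,yes
C-1004,DIR-615,1.3.7,yes
C-1005,DIR-620, 1.0.37 ,YES
"""

def normalize_version(raw):
    """Strip whitespace and a leading 'v' so 'v1.3.7' matches '1.3.7'."""
    v = raw.strip().lower()
    return v[1:] if v.startswith("v") else v

def triage(row):
    """Return a priority label for one inventory row, or None if out of scope."""
    if row["model"].strip().upper() != "DIR-620":
        return None  # the article only covers the DIR-620
    exposed = row["wan_admin"].strip().lower() in {"yes", "true", "1"}
    tested = normalize_version(row["firmware"]) in TESTED_AFFECTED
    if tested and exposed:
        return "critical: affected firmware, admin panel on WAN"
    if tested:
        return "high: affected firmware, keep WAN admin disabled"
    if exposed:
        return "review: untested firmware, admin panel on WAN"
    return "low: untested firmware, WAN admin disabled"

def audit(csv_text):
    """Map customer_id -> priority for every DIR-620 in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = triage(row)
        if label is not None:
            results[row["customer_id"]] = label
    return results

if __name__ == "__main__":
    for cid, label in audit(SAMPLE_INVENTORY).items():
        print(cid, label)
```

Firmware versions outside the tested list are reported separately rather than treated as safe, since the article only states which versions were tested.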
Comments
cjgiam - 4 years ago
"D-Link won't release firmware updates for such an old device"?! That instills a lot of confidence in D-Link equipment & security appliances!
Spectre/Meltdown backdoor issues affect CPUs as far back as 1995, & although the processor manufacturers are not doing too well, at least they are attempting to do something, not just saying "Oh well, too old, too bad, live with it". Or, buy new equipment, which, of course, has no guarantee that there isn't another backdoor of some type built in.
The whole thing is a mess & these companies need to start being held responsible for the chaos they are causing.
STS-1 - 4 years ago
My question would be "If there is a backdoor in that model, are there any backdoors in other D-LINK products that have not yet been discovered..." And absolutely, until manufacturers are held accountable to fix the messes they create, it makes ALL of us just a little less safe...