Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: D-Link Router backdoor vulnerability discovered


15 Oct 2013   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
D-Link Router backdoor vulnerability discovered

Quote:
The security vulnerability will allow full access into the configuration page of the router without knowing the username and password. According to the blog post, when you set your user-agent on your browser to a certain string, the modem will skip the authentication functions and simply log you straight into the router – allowing you to configure anything at your leisure.
Source

D-Link to padlock router backdoor by end of October

Quote:
D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.

The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.
Source

A Guy


My System SpecsSystem Spec
.

16 Oct 2013   #2

Win 7 Ultimate 64 bit
 
 

This, or something similar, has happened before with D-Link, hasn't it?
My System SpecsSystem Spec
16 Oct 2013   #3

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Yes, a few years ago there was a report of other flaws in D-Link routers. But then, other brands have also had their own exposures over the years.

D-Links firmware update cycle on all of their products (at least the ones Ive used - and that's about 20 models), is hellishly slow. Unfortunately, there are few routers that offer the configuration flexibility of the D-Link products, unless you go to third party firmwares like DD-WRT.

A "backdoor-type" function "built" into the router suggests a deliberate implementation, yes?

Surely that is unethical, at least?
My System SpecsSystem Spec
.


16 Oct 2013   #4

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by TanyaC View Post
Yes, a few years ago there was a report of other flaws in D-Link routers. But then, other brands have also had their own exposures over the years.

D-Links firmware update cycle on all of their products (at least the ones Ive used - and that's about 20 models), is hellishly slow. Unfortunately, there are few routers that offer the configuration flexibility of the D-Link products, unless you go to third party firmwares like DD-WRT.

A "backdoor-type" function "built" into the router suggests a deliberate implementation, yes?

Surely that is unethical, at least?
Deliberate, yes. Unethical, maybe not. It might just have been a bad idea.

Visit this article:
Reverse Engineering a D-Link Backdoor - /dev/ttyS0
Scroll down to the first UPDATE:
Quote:
The ever neighborly Travis Goodspeed pointed out that this backdoor is used by the /bin/xmlsetc binary in the D-Link firmware. After some grepping, I found several binaries that appear to use xmlsetc to automatically re-configure the device’s settings (example: dynamic DNS). My guess is that the developers realized that some programs/services needed to be able to change the device’s settings automatically; realizing that the web server already had all the code to change these settings, they decided to just send requests to the web server whenever they needed to change something. The only problem was that the web server required a username and password, which the end user could change. Then, in a eureka moment, Joel jumped up and said, “Don’t worry, for I have a cunning plan!”.
If you read thru the comments in that article linked to above, you should find at least one person that thinks DD-WRT has a backdoor too.
My System SpecsSystem Spec
17 Oct 2013   #5

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Thanks for that, interesting reading.

Gosh, you just can't trust anybody these days
My System SpecsSystem Spec
Reply

 D-Link Router backdoor vulnerability discovered




Thread Tools



Similar help and support threads for2: D-Link Router backdoor vulnerability discovered
Thread Forum
Help using QoS On D-Link Router Network & Sharing
Highly Critical Vulnerability Discovered in Opera 10.52 Browsers & Mail
Highly Critical Vulnerability Discovered in Opera 10.52 Security News
D-Link DI-604 router driver Drivers
Clickjacking vulnerability in Chrome discovered System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:47 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33