Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: D-Link Router backdoor vulnerability discovered

15 Oct 2013   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
D-Link Router backdoor vulnerability discovered

Quote:
The security vulnerability will allow full access into the configuration page of the router without knowing the username and password. According to the blog post, when you set your user-agent on your browser to a certain string, the modem will skip the authentication functions and simply log you straight into the router – allowing you to configure anything at your leisure.
Source

D-Link to padlock router backdoor by end of October

Quote:
D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.

The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.
Source

A Guy


My System SpecsSystem Spec
.

16 Oct 2013   #2
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

This, or something similar, has happened before with D-Link, hasn't it?
My System SpecsSystem Spec
16 Oct 2013   #3
TanyaC

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Yes, a few years ago there was a report of other flaws in D-Link routers. But then, other brands have also had their own exposures over the years.

D-Links firmware update cycle on all of their products (at least the ones Ive used - and that's about 20 models), is hellishly slow. Unfortunately, there are few routers that offer the configuration flexibility of the D-Link products, unless you go to third party firmwares like DD-WRT.

A "backdoor-type" function "built" into the router suggests a deliberate implementation, yes?

Surely that is unethical, at least?
My System SpecsSystem Spec
.


16 Oct 2013   #4
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by TanyaC View Post
Yes, a few years ago there was a report of other flaws in D-Link routers. But then, other brands have also had their own exposures over the years.

D-Links firmware update cycle on all of their products (at least the ones Ive used - and that's about 20 models), is hellishly slow. Unfortunately, there are few routers that offer the configuration flexibility of the D-Link products, unless you go to third party firmwares like DD-WRT.

A "backdoor-type" function "built" into the router suggests a deliberate implementation, yes?

Surely that is unethical, at least?
Deliberate, yes. Unethical, maybe not. It might just have been a bad idea.

Visit this article:
Reverse Engineering a D-Link Backdoor - /dev/ttyS0
Scroll down to the first UPDATE:
Quote:
The ever neighborly Travis Goodspeed pointed out that this backdoor is used by the /bin/xmlsetc binary in the D-Link firmware. After some grepping, I found several binaries that appear to use xmlsetc to automatically re-configure the device’s settings (example: dynamic DNS). My guess is that the developers realized that some programs/services needed to be able to change the device’s settings automatically; realizing that the web server already had all the code to change these settings, they decided to just send requests to the web server whenever they needed to change something. The only problem was that the web server required a username and password, which the end user could change. Then, in a eureka moment, Joel jumped up and said, “Don’t worry, for I have a cunning plan!”.
If you read thru the comments in that article linked to above, you should find at least one person that thinks DD-WRT has a backdoor too.
My System SpecsSystem Spec
17 Oct 2013   #5
TanyaC

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Thanks for that, interesting reading.

Gosh, you just can't trust anybody these days
My System SpecsSystem Spec
Reply

 D-Link Router backdoor vulnerability discovered




Thread Tools





Similar help and support threads
Thread Forum
Mac OS X ‘rootpipe’ security vulnerability discovered...
Mac OS X ‘rootpipe’ security vulnerability discovered, but there’s no fix date yet Source A Guy
Security News
IP camera not working on TP link router but working on D link router
Dear sir, I am trying to setup an IP camera on my WDR 4300 Router. ROuter is just purchased. The camera says its ready at 192.168.1.100:8080 However when i open the same address in my Computer, the WEBPAGE NOT AVAILABLE is shown up. Both the camera and COmputer are connected to WDR 4300 via...
Network & Sharing
Netgear Patch Said to Leave Backdoor Problem in Router
Source A Guy
Security News
Backdoor in wireless DSL routers lets attacker reset router, get admin
Source A Guy
Security News
Highly Critical Vulnerability Discovered in Opera 10.52
Patch available. See link in Security - http://www.sevenforums.com/system-security/81676-highly-critical-vulnerability-discovered-opera-10-52-a.html#post710978
Browsers & Mail
Highly Critical Vulnerability Discovered in Opera 10.52
More... Highly Critical Vulnerability Discovered in Opera 10.52 - Patch available - Softpedia
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:31.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App