{"id":151,"date":"2013-10-22T09:37:02","date_gmt":"2013-10-22T15:37:02","guid":{"rendered":"http:\/\/www.businesstechnologyassociates.com\/blog\/?p=151"},"modified":"2022-08-17T16:55:27","modified_gmt":"2022-08-17T22:55:27","slug":"d-link-router-backdoor-vulnerability","status":"publish","type":"post","link":"https:\/\/www.businesstechnologyassociates.com\/blog\/2013\/10\/d-link-router-backdoor-vulnerability\/","title":{"rendered":"D-Link Router Backdoor Vulnerability"},"content":{"rendered":"<p>The <a href=\"http:\/\/www.us-cert.gov\/\" target=\"_blank\" rel=\"noopener\">US-CERT<\/a>, a part of the Department of Homeland Security,\u00a0 has issued a <a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/248083\">warning<\/a> that certain D-Link routers have firmware that contains a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Backdoor_%28computing%29\" target=\"_blank\" rel=\"noopener\">backdoor<\/a> for remote users to access router administrative functions <span style=\"text-decoration: underline;\"><strong>without entering the administrator password<\/strong><\/span>.\u00a0 Besides D-Link, Planex and Alpha Networks devices may also contain this firmware.<\/p>\n<p>According to D-Link, the following D-Link routers are affected:<\/p>\n<ul type=\"disc\">\n<li>DIR-100<\/li>\n<li>DIR-120<\/li>\n<li>DI-624S<\/li>\n<li>DI-524UP<\/li>\n<li>DI-604S<\/li>\n<li>DI-604UP<\/li>\n<li>DI-604+<\/li>\n<li>TM-G5240<\/li>\n<\/ul>\n<p>For more detailed up-to-date information go to this <a href=\"http:\/\/www.dlink.com\/uk\/en\/support\/security\" target=\"_blank\" rel=\"noopener\">D-Link page on this issue<\/a>.<\/p>\n<p>According to <a href=\"https:\/\/web.archive.org\/web\/20210817155159\/http:\/\/www.devttys0.com\/2013\/10\/reverse-engineering-a-d-link-backdoor\/\">the original vulnerability report<\/a>, the following Planex routers are likely affected:<\/p>\n<ul type=\"disc\">\n<li>BRL-04R<\/li>\n<li>BRL-04UR<\/li>\n<li>BRL-04CW<\/li>\n<\/ul>\n<p>If you have one of these routers, check to make sure that the remote configuration from the Internet is not allowed (default setting).\u00a0 This may have been changed by <a href=\"http:\/\/en.wikipedia.org\/wiki\/ISP\" target=\"_blank\" rel=\"noopener\">ISPs<\/a> that remotely administer customers Internet connections.<\/p>\n<p>Security researcher <a href=\"https:\/\/web.archive.org\/web\/20210614121453\/http:\/\/www.devttys0.com\/2015\/04\/hacking-the-d-link-dir-890l\/\" target=\"_blank\" rel=\"noopener\">Craig Heffner<\/a> found these routers&#8217; internal web server will accept and process any HTTP requests that contain the User-Agent string &#8220;xmlset_roodkcableoj28840ybtide&#8221; without checking if the connecting host is authenticated.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The US-CERT, a part of the Department of Homeland Security,\u00a0 has issued a warning that certain D-Link routers have firmware that contains a backdoor for remote users to access router administrative functions without entering the administrator password.\u00a0 Besides D-Link, Planex and Alpha Networks devices may also contain this firmware. According to D-Link, the following D-Link &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.businesstechnologyassociates.com\/blog\/2013\/10\/d-link-router-backdoor-vulnerability\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;D-Link Router Backdoor Vulnerability&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,17,3],"tags":[],"class_list":["post-151","post","type-post","status-publish","format-standard","hentry","category-internet","category-security","category-technology"],"_links":{"self":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts\/151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/comments?post=151"}],"version-history":[{"count":7,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts\/151\/revisions"}],"predecessor-version":[{"id":364,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/posts\/151\/revisions\/364"}],"wp:attachment":[{"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/media?parent=151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/categories?post=151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.businesstechnologyassociates.com\/blog\/wp-json\/wp\/v2\/tags?post=151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}