A rather worrying security vulnerability has been discovered affecting several D-Link branded modem routers. It was posted on /dev/ttyS0, a website dedicated to embedded device hacking, and was discovered when one of its writers reverse engineered a firmware update from D-Link.
The vulnerability allows full access to the router's configuration page without knowing the username and password. According to the blog post, when you set the user-agent on your browser to a certain string, the modem will skip the authentication functions and simply log you straight into the router, allowing you to configure anything at your leisure.
Of course, you do need to be connected to the particular router, whether by Ethernet or wireless, to access the page, unless the router's configuration page is publicly accessible. A quick web search can uncover hundreds of publicly accessible D-Link router configuration pages. TechGeek has independently verified the vulnerability on one of the affected models.
At the moment, there is no way to protect yourself from this – just ensure you're running the latest firmware on your router and that your router's configuration interface is not publicly accessible. According to the blog post, firmware version 1.13 is affected, as well as a small number of known D-Link products:
Most of the routers above are end-of-life routers and most likely not supported by D-Link anymore. We have asked D-Link Australia to comment; however, at the time of writing this article, we have not received a response. You can read up on the technical details of the backdoor by visiting the website. Do you own a D-Link modem? Let us know in the comments.
Thanks @timeimp for the tip
Updated 14/10/2013: Post was amended to include information on which firmware version is affected.