Backdoor found in D-Link firmwares

deadite66 · 13 Oct 2013 at 19:17

Link currently down, likely overwhelmed.
http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

If you change your useragent to a certain string you can log into any effected routers without a login/pass.

Based on the source code of the HTML pages and some Shodan search
results, it can be reasonably concluded that the following D-Link
devices are likely affected:

DIR-100
DI-524
DI-524UP
DI-604S
DI-604UP
DI-604+
TM-G5240

Additionally, several Planex routers also appear to use the same firmware:

BRL-04UR
BRL-04CW

Craig321 · 13 Oct 2013 at 19:32

User agent is interesting read backwards

Apparently it's quite old, it was on a Russian website a while ago! Glad I don't have any d-link devices. Saying that, anyone silly enough to have management open on port 80 to the public deserves it

KIA · 13 Oct 2013 at 21:13

http://webcache.googleusercontent.c...j4&sourceid=chrome&espv=210&es_sm=93&ie=UTF-8

KIA · 2 Dec 2013 at 16:41

A fix is available for some of the D-Link models. http://krebsonsecurity.com/2013/12/important-security-update-for-d-link-routers/