Backdoor found in D-Link routers

By
Follow google news

Known since 2010.

 

Backdoor found in D-Link routers
Craig Heffner. Source Black Hat USA 2013

An easily exploitable backdoor that provides full control over the device has been discovered in several routers made by D-Link, potentially putting networks and user data at risk.

Security researcher Craig Heffner of Tactical Network Solutions discovered the backdoor by disassembling the version 1.13 D-Link firmware for the DIR-100 and discovered the alpha_auth_check function inside it.

After some detective work Heffner, who specialises in embedded systems, worked out that the function opens up a backdoor into popular consumer DSL and wireless routers.

By setting the user-agent identifier in a web browser to the string "xmlset_roodkcableoj28840ybtide", anyone can access the administrative web interface on certain D-Link routers, without authentication. 

Heffner tried on a DI-524UP wireless router and confirmed that setting the user-agent to the above string provides full control over the device.

Spelt backwards, the string reads "Edit by Joel 04882 backdoor". At this stage, it is not known who Joel is. According to Heffner, the firmware appears to have been modifled by D-Link spin-off Alpha Networks, but it isn't known if the company inserted the backdoor.

Heffner believes several D-Link devices have the backdoor in their firmware, and listed the below models as likely to be vulnerable:

  • DIR-100
  • DI-524
  • DI-524UP
  • DI-604S
  • DI-604UP
  • DI-604 +
  • TM-G5240

Several of the above D-Link routers have been or are sold in Australia currently, and iTnews was able to replicate Heffner's findings on a Dl-604 router.

Two models from Japanese vendor Planex are also listed by Heffner as being vulnerable, namely the BRL-04UR and BRL-04CW routers, as they use the same D-Link firmware.

The exploit has been know since at least 2010, when it was mentioned in Russian Internet forums. It has also recieived a mention on the Russian Incontact or VK social network after Heffner's blog post. 

VK has around 228 million users currently.

iTnews has sought comment from Heffner and D-Link on the backdoor discovery, and will update the story when it becomes available.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
backdoorblack hatdlinksecurityvulnerabilities

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

National photo licence recognition system set to go live in 2025

National photo licence recognition system set to go live in 2025
Australia's new cyber affairs ambassador sourced from ASD

Australia's new cyber affairs ambassador sourced from ASD
Hackers using F5 devices to target US gov networks

Hackers using F5 devices to target US gov networks
Microsoft breaks Windows 11 Recovery Environment in October update

Microsoft breaks Windows 11 Recovery Environment in October update
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?