Slashdot Mirror

← Back to Stories (view on slashdot.org)

D-Link Router Backdoor Vulnerability Allows Full Access To Settings

Posted by samzenpus on Sunday October 13, 2013 @03:07PM from the protect-ya-neck dept.

StealthHunter writes "It turned out that just by setting a browsers user-agent to 'xmlset_roodkcableoj28840ybtide' anyone can remotely bypass all authentication on D-Link routers. It seems that thttpd was modified by Alphanetworks who inserted the backdoor. Unfortunately, vulnerable routers can be easily identified by services like shodanHQ. At least these models may have vulnerable firmware: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240."

2 of 228 comments (clear)

Min score:

Reason:

Sort:

discipline by Moblaster · 2013-10-13 15:40 · Score: 5, Funny

The Beatings Will Continue... Until the Firmware Improves.
Re:Cisco by cjjjer · 2013-10-14 02:19 · Score: 5, Funny

Remind me never to pick you as a team-mate for Trivial Pursuit.