Slashdot Mirror


D-Link Router Backdoor Vulnerability Allows Full Access To Settings

StealthHunter writes "It turned out that just by setting a browser's user-agent to 'xmlset_roodkcableoj28840ybtide' anyone can remotely bypass all authentication on D-Link routers. It seems that thttpd was modified by Alphanetworks who inserted the backdoor. Unfortunately, vulnerable routers can be easily identified by services like shodanHQ. At least these models may have vulnerable firmware: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240."
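
A defender-side check for the User-Agent described in the summary above, as an added example that is not part of the original Slashdot post: it scans web or proxy access logs for requests carrying that string and reports, per source, how many were actually served. The Combined Log Format input, the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# User-Agent value quoted in the story summary above.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Assumption: logs are in Combined Log Format, e.g. from a proxy or web server.
# host ident user [time] "request" status bytes "referer" "user-agent"
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def find_backdoor_requests(lines):
    """Return parsed records whose User-Agent contains the backdoor string."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = CLF.match(line.strip())
        if not m:
            continue  # skip lines that are not Combined Log Format
        # Case-insensitive substring match so re-cased or padded probes are
        # flagged too; the device's own comparison is not described on the page.
        if BACKDOOR_UA in m["ua"].lower():
            hits.append({"line": n, **m.groupdict()})
    return hits

def summarize(hits):
    """Per source: number of backdoor requests and how many got a 2xx/3xx."""
    out = {}
    for h in hits:
        s = out.setdefault(h["src"], {"requests": 0, "served": 0})
        s["requests"] += 1
        if int(h["status"]) < 400:
            s["served"] += 1  # a served request deserves a closer look
    return out

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.23 - - [01/Jan/2024:09:14:02 +0000] "GET / HTTP/1.1" 401 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.23 - - [01/Jan/2024:09:14:05 +0000] "GET / HTTP/1.1" 200 4096 "-" "xmlset_roodkcableoj28840ybtide"',
    '203.0.113.7 - - [01/Jan/2024:10:01:44 +0000] "GET /index.html HTTP/1.0" 404 0 "-" "XMLSET_roodkcableoj28840ybtide"',
    '192.0.2.10 - admin [01/Jan/2024:10:05:00 +0000] "GET /status HTTP/1.1" 200 900 "-" "curl/7.30.0"',
    'malformed line',
]

if __name__ == "__main__":
    for src, stats in summarize(find_backdoor_requests(SAMPLE_LOG)).items():
        print(src, stats)
```

A source that first receives a 401 and then a 200 with this User-Agent, as in the constructed sample, is the pattern to prioritise.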

6 of 228 comments

  1. Will this stupidity ever end? by gweihir · · Score: 5, Insightful

    Are these people too stupid to know that eventually, somebody _will_ analyze their firmware and find this? I think it is time to make them liable for a bit more than the device when things like these get found. Say, 10x the new value of the device to any customer that wants to give it back.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Will this stupidity ever end? by DigitAl56K · · Score: 5, Insightful

      Well, as an ex D-Link customer, I'm glad to see someone is analyzing their firmware.

    2. Re:Will this stupidity ever end? by Anonymous Coward · · Score: 5, Insightful

      How about a Prison Sentence? These egomaniacs are putting people's bank accounts at risk. It is no different from writing a virus. In fact it is worse.

  2. Many routers subject to UPnP vulnerability anyway by DigitAl56K · · Score: 5, Insightful

    PDF link, published earlier this year, shows how many manufacturers use a stack with a UPnP vuln that gives root, even from the WAN side:

    http://www.defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf

    Point is, you probably weren't as safe as you thought you were, even before this new disclosure.

    I think a huge problem with consumer-grade wifi routers today is that as manufacturers race to support new models with new wifi standards and new competitive feature sets, older models quickly become abandonware. There's very little guarantee around firmware updates for critical vulnerabilities, and end users are mostly oblivious to being at risk. By the time you pick up that $80 model from the store it's probably borderline EOL already.

  3. Re:Backwards: edit by 04882 Joel backdoor by Anonymous Coward · · Score: 5, Insightful

    The big scandal here is how can a backdoor be known since 2010 and not revealed??!!!

    Seriously? That's not a scandal, that's the way the world works. People that LOOK for stuff like that want to keep those exploits to themselves because they want to USE THEM. If you reveal the damn thing, it'll get patched.

    Not many people want to do all the work of looking through binaries figuring out obscure shit like this just for fun.

  4. Re:edited by 04882 Joel backdoor by girlintraining · · Score: 5, Insightful

    Is this the guy behind it? http://www.joesdata.com/executive/Joel_Liu_421313008.html Assuming good will, it seems like debugging code left in the final firmware release.

    Regardless of how strong the evidence may be, uniquely identifying someone on the internet is dangerous and may even expose you to a slander/libel/defamation case. You may recall not long ago the witch hunt on reddit for the Boston Bomber. Over a dozen 'suspects' were named and shamed on the forums, none of whom turned out to be the actual person. Those people's lives crumbled into dust after, and police had to devote valuable resources at the time to protecting those individuals from vigilantes. Don't go the extra step of naming someone -- no matter how confident you are, the odds are very high that you're wrong. I know you think you're being edgy, smart, whatever and showing off your google-fu here, but you've actually rather accomplished the reverse -- you've demonstrated a reckless abandon and an inability to consider the consequences of your actions, or at least favoring momentary glory and recognition at the expense of another. Neither scores high marks in internet ethics.

    On the internet, a loaded finger is a bigger threat than a loaded gun.

    --
    #fuckbeta #iamslashdot #dicemustdie