D-Link Routers Compromised: Universal Backdoor Discovered

Earlier this week, vulnerability researchers at Tactical Network Solutions announced in their blog that a major hole had been discovered in several models of D-Link and Planex routers.

The uses for custom router firmware have always been clear to tech enthusiasts and those concerned with their security, but given the revelations of the past week, the average consumer might want to start keeping a much closer eye on who’s coming in and out of their network from now on.

Normally whenever you set up a new router, you are prompted for a username and password in order to access the main dashboard where the internet and firewall settings are located. From this screen you can retrieve IP addresses of everyone connected to the network, along with their browsing habits and the ports their programs use to upload content to the web. This is valuable stuff to online data thieves, and in the wrong hands this information could be catastrophic for the hardware manufacturer and those who trusted their data to remain safe behind their protected ports.

Staffer Craig Heffner was the first to discover the login-related bug, which popped up when he ran a harmless Binwalk extraction on the DIR-100’s v1.13 firmware. In the plaintext data he found a piece of code showing that the only thing an unauthenticated user would need to do is change their user string to “xmlset_roodkcableoj28840ybtide” (which spells “edit by (04882) joel backdoor” backwards) to bypass the login and gain full access to the network. The string grants any anonymous user backdoor access on a number of different models, including the DIR-100, DI-604+, DI-524, DI-604UP, DI-524UP, DI-604S, and TM-G5240 units. Planex models are also affected, as they use the same firmware as the D-Link machines in question.
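
As an added example (not from the original article or from the researchers), this is one way a defender could search HTTP logs for requests carrying the backdoor string and separate LAN sources from outside ones. It assumes the string arrives in the HTTP User-Agent header, that an upstream proxy or sensor writes Combined Log Format, and that the LAN is 192.168.0.0/24; the log lines are constructed.

```python
import ipaddress
import re

# Backdoor string quoted in the article (reads "edit by 04882 joel backdoor" reversed).
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Assumption: the home LAN range; adjust to the network being checked.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Combined Log Format: src - user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
192.168.0.23 - - [14/Oct/2013:09:12:01 +0000] "GET / HTTP/1.1" 401 0 "-" "Mozilla/5.0 (Windows NT 6.1)"
203.0.113.7 - - [14/Oct/2013:09:13:44 +0000] "GET / HTTP/1.1" 200 5120 "-" "xmlset_roodkcableoj28840ybtide"
192.168.0.40 - - [14/Oct/2013:09:15:10 +0000] "GET /index.htm HTTP/1.0" 200 2048 "-" "XMLSET_roodkcableoj28840ybtide "
this line is malformed and should be skipped
"""


def find_backdoor_requests(log_text, lan=LAN):
    """Return one record per log line whose User-Agent contains the backdoor string."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; ignore
        # Case-insensitive substring match also catches padded or re-cased probes.
        if BACKDOOR_UA not in m["ua"].lower():
            continue
        try:
            external = ipaddress.ip_address(m["src"]) not in lan
        except ValueError:
            external = True  # hostname or junk in the source field: treat as untrusted
        hits.append({"src": m["src"], "time": m["time"], "request": m["request"],
                     "status": int(m["status"]), "external": external})
    return hits


if __name__ == "__main__":
    for hit in find_backdoor_requests(SAMPLE_LOG):
        origin = "OUTSIDE LAN" if hit["external"] else "inside LAN"
        print(f'{hit["time"]} {hit["src"]} ({origin}) {hit["request"]} -> {hit["status"]}')
```

A hit from outside the LAN with a 200 status is the case the vendor's advice to disable remote access is meant to prevent.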


D-Link will release updates to address the vulnerability by the end of October, the manufacturer said via email. “Owners of affected devices can minimize any potential risk by ensuring that their router has the Wi-Fi password enabled and that remote access is disabled.”

If you are using any networking equipment from D-Link, you can install a custom firmware through DD-WRT or Tomato until the hole is patched at the end of this month. Both come with a wide variety of options you can use to network your home together safely and securely, and they even enable you to set up custom VPN options right from the control panel.

Source: The Register