D-Link upgrades its firmware to fix backdoor presence
D-Link company has recently released a new version of firmware to fix backdoor vulnerability in various network device models.
Last October the security expert Craig Heffner discovered a backdoor inside different D-Link routers. Craig published an interesting blog post on “/dev/ttyS0″ on the reverse engineering of the backdoor (CVE-2013-6027) present in many D-Link devices, it described how an attacker was able to alter a router setting by passing the authentication mechanism.
Craig reverse engineered the D-Link Backdoor, discovering that if attacker browser user agent string is xmlset_roodkcableoj28840ybtide, he can access the web interface of the D-Link device bypassing authentication procedure and view/change the device settings.
Reading the string xmlset_roodkcableoj28840ybtide backwards it appears as “Edit by 04882 joel backdoor“.
Last week, D-Link has issued a new release of firmware for the vulnerable router models, the new software includes a fix to prevent unauthorized administrator access. D-Link has released the updates for the following models:
DIR-100
DIR-120
DI-524
DI-524UP
DI-604UP
DI-604+
DI-624S
TM-G5240
The security advisory issued by D-Link suggests users to do not enable the Remote Management feature to avoid being a victim of a cyber attack that exploits the backdoor. Belowthe recommendation provided by the D-Link Company to its customers:
Do not enable the Remote Management feature since this will allow malicious users to use this exploit from the internet. Remote Management is default disabled on all D-Link Routers and is included in customer care troubleshooting if useful and the customer enables it.
If you receive unsolicited e-mails that relates to security vulnerabilities and prompt you to action, please ignore it. When you click on links in such e-mails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.
Make sure that your wireless network is secure.
If you are interested to find vulnerable devices within your organization you can use the NMAP script written in Python and published on pastebin.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
