Serious Security Problem with D-Link Routers

Serious Security Problem with D-Link Routers

A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance.

Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability. Heffner wrote on his blog that the web interface for some D-Link routers could be accessed if a browser’s user agent string is set to “xmlset_roodkcableoj28840ybtide.–InfoWorld.com

UPDATE:

D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.

The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.–

…D-Link will release firmware updates to address the vulnerability in affected routers by the end of October, the networking equipment manufacturer said via email.

The updates will be listed on a security page on the D-Link website and in the download section of the support page for each affected product.
PC World

163 total views, 1 views today

(Visited 20 times, 1 visits today)

4 thoughts on “Serious Security Problem with D-Link Routers

  1. Is D-Link router, DIR-619L, part of the security alert?
    What does it mean that my router is not listed on D-Link web site?

    • This original post was from 2013, with a statement saying that problem was supposed to be patched in October of 2013. I would suggest, if you have any questions about this, as an ongoing issue, please contact the provider directly.

  2. Purchased from Dish technician on install, an DIR-619L router that isn’t listed on D-Link web site. Does backdoor warning apply to my router?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.