Serious Security Problem with D-Link Routers
A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance.
Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability. Heffner wrote on his blog that the web interface for some D-Link routers could be accessed if a browser’s user agent string is set to “xmlset_roodkcableoj28840ybtide.–InfoWorld.com
D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.
The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.–
…D-Link will release firmware updates to address the vulnerability in affected routers by the end of October, the networking equipment manufacturer said via email.
The updates will be listed on a security page on the D-Link website and in the download section of the support page for each affected product.