D-Link has acknowledged the presence of a backdoor in version 1.13 of its firmware and has announced that it will be releasing an update to fix the issue by end of the month.
The vulnerability was reported by Craig Heffner of Tactical Network Solutions wherein the firmware code contained a hardcoded backdoor that would allow anyone connected to the network could set their user agent string to a specific value and gain unauthorized administrative access to the router.
Heffner noted that attackers are only required to set their browser’s user agent string to “xmlset_roodkcableoj28840ybtide” and then connect to either DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, or TM-G5240 loaded with firmware v1.13 to gain access to the administrative interface.
The router may have its external entry points blocked, but the vulnerability can still be exploited from within the network and if visitors have been provided with guest access, they can very well access the administrative interface and change the settings around.
By the time D-Link provides a patch, which will be made available here, it has listed a few precautionary steps that users can follow to remain secure. The company notes that users should stay away from unsolicited emails about security vulnerabilities and not to open them or click on the links within the body of the email.
D-Link also recommends users to disable remote access feature on their routers, if they absolutely don’t need it. D-Link also recommends that users secure their wireless networks and enforce a strong password requirement for their Wi-Fi networks.
