BreachExchange mailing list archives
Back door found in D-Link routers
From: Lee J <lee () riskbasedsecurity com>
Date: Mon, 14 Oct 2013 10:59:19 +1100
http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/

A group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units' admin interfaces.

The flaw means an attacker could take over all of the user-controllable functions of the popular home routers, which includes the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240 units. According to the post<http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/> on /DEV/TTYS0, a couple of Planex routers are also affected, since they use the same firmware.

A Binwalk extract of the D-Link DIR-100 firmware revealed that an unauthenticated user needs only change their user agent string to xmlset_roodkcableoj28840ybtide to access the router's Web interface with no authentication.

The /DEV/TTYS0 researcher found the user agent string inside a bunch of code designed to run simple string comparisons. For one of those comparisons, “if the strings match, the check_login function call is skipped and alpha_auth_check returns 1 (authentication OK)”, the author notes.

Some commentards to that post claimed to have successfully tested the backdoor against devices visible to the Shodan device search engine.

The /DEV/TTYS0 author, Craig, says the backdoor exists in v1.13 of the DIR-100revA products.

At this point, there's no defence against the backdoor, so users are advised to disable WAN-port access to the administrative interfaces of affected products. ®
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
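A defender-side check for the User-Agent value named in the article, as an added example that is not part of the original post or the /DEV/TTYS0 write-up: it scans web logs and reports which sources sent the string and whether the request was served. It assumes the traffic was logged in Apache/nginx combined format (for example by a proxy or sensor in front of the device); the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# User-Agent value the article reports as bypassing authentication.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Apache/nginx "combined" log format (assumed format of the proxy or sensor log).
COMBINED = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"\s*$'
)

def find_backdoor_requests(lines):
    """Return (hits, unparsed) for log lines that carry the backdoor string."""
    hits, unparsed = [], []
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        m = COMBINED.match(line)
        if m is None:
            # Malformed or truncated entry: keep it for manual review
            # if the marker appears anywhere in the raw line.
            if BACKDOOR_UA in line:
                unparsed.append((lineno, line))
            continue
        if BACKDOOR_UA in m["ua"]:
            hits.append({"line": lineno, "src": m["src"], "ts": m["ts"],
                         "request": m["request"], "status": int(m["status"])})
    return hits, unparsed

def summarize(hits):
    """Group hits by source; a 2xx status means the device served the request."""
    by_src = defaultdict(lambda: {"requests": 0, "served": 0})
    for h in hits:
        by_src[h["src"]]["requests"] += 1
        if 200 <= h["status"] < 300:
            by_src[h["src"]]["served"] += 1
    return dict(by_src)

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Oct/2013:02:11:09 +0000] "GET / HTTP/1.1" 200 1843 "-" "xmlset_roodkcableoj28840ybtide"',
    '198.51.100.4 - - [14/Oct/2013:02:12:30 +0000] "GET / HTTP/1.1" 401 212 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.7 - - [14/Oct/2013:02:13:41 +0000] "GET /index.html HTTP/1.1" 200 97 "-" "xmlset_roodkcableoj28840ybtide"',
    'truncated entry ... "xmlset_roodkcableoj28840ybtide',
]

if __name__ == "__main__":
    hits, unparsed = find_backdoor_requests(SAMPLE_LOG)
    print(summarize(hits), unparsed)
```

A hit with a 2xx status from a WAN-side source is the case to escalate, since it indicates the admin interface was reachable and answered the request.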