dslreports logo
spacer
1
spacer
 
   
spc
story category
Backdoor Found in D-Link Routers
by Karl Bode 08:01AM Tuesday Oct 15 2013 Tipped by justin See Profile
A back door has been found in the firmware for a number of later-model D-Link router models, allowing an intruder to bypass user authentication. The backdoor was first found by Craig Heffner, a vulnerability researcher with Tactical Network Solutions, who was tinkering with the 1.13 version of the firmware for the D-Link DIR-100 revA router.

Click for full size
According to a blog post by Heffner, the backdoor is trivially-easy to access.

"If your browser’s user agent string is 'xmlset_roodkcableoj28840ybtide' (no quotes), you can access the web interface without any authentication and view/change the device settings," notes Heffner.

Impacted models include the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240 and potentially the DIR-615 (distributed by Virgin Mobile). Planex Communications BRL-04UR and BRL-04CW routers may also be impacted, as they utilize the same firmware.

"We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed," D-Link's security and support website informs users. "We will continue to update this page to include the relevant product firmware updates addressing these concerns."

The backdoor is only the latest in a string of security embarrassments for the company. In 2010 a number of D-Link routers were found (pdf) to have "insecure implementations of the HNAP (Home Network Administration Protocol)." More recently, a number of the company's security video products were also found to have significant vulnerabilities allowing hackers to bypass authentication.

view:
topics flat nest 

dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ
kudos:4

xmlset_roodkcableoj28840ybtide

"edit by 04882joel backdoor"
guessing the dudes nick was 04882joel. rofl!
--
Despises any post with strings.

ARGONAUT
Have a nice day.
Premium
join:2006-01-24
New Albany, IN
kudos:1

:P

D-Link has a backdoor love affair.. ZZ Top fan forever!
--

Better use Seal Team Six to take out the financial terrorist.

88615298
Premium
join:2004-07-28
West Tenness

Not shocking at all

It's D-Link

Meh

@74.63.112.x

Re: Not shocking at all

said by 88615298:

Not shocking at all. It's D-Link

I would think almost all programmers everywhere code in back doors to their systems just so that when level3 support has to get in to a screwed up system they have a way in.

battleop

join:2005-09-28
00000

Re: Not shocking at all

Only if they are not security minded. If it exists it can be exploited.

bobjohnson
Premium
join:2007-02-03
Orlando, FL

Is this surprising?

As you get what you pay for. It doesn't surprise me at all that the cheapest line of routers has some security flaws. D-Link is not a brand that I have ever considered anyway.

Scree
In the pipe 5 by 5

join:2001-04-24
Mount Laurel, NJ

Re: Is this surprising?

wow
tkdslr

join:2004-04-24
Pompano Beach, FL
Reviews:
·T-Mobile US

No patches for older products.

One of my clients uses a DI-604.. Which has kept them relativity secure(no successful direct outside attacks) for many years..

It's fast enough to keep up with my clients 6Mb/sec aDSL connection.

But the last firmware/backdoor update is dated 2008.. and it doesn't look like D-link is going to update it..

I guess it just confirms my suspicions and adds to my justification for picking up a pair of Dual band(5//2.4Ghz) net gear routers which I plan on flashing DD_WRT onto..

No more back doors.. Can/will be supported for a long time to come.

None of this two years after last sale and no more support crap.

PapaMidnight

join:2009-01-13
Baltimore, MD

Re: No patches for older products.

Perhaps it's just my opinion, but DD-WRT support has been slipping as well, and for the past few years at that. Don't even get me started on Tomato. When pfSense 1.2.3 was released a few years back, I just went that route and haven't looked back.

SysOp

join:2001-04-18
Douglasville, GA

Privacy and Security #Freedomz

douchbag dlink locks up constantly freezes with genuine admin pass latest firmware idle gigabit lan;

twice as fast and double the bandwidth in NSA backdoor mode

pjhofmann

join:2000-08-22
Cary, NC

1 recommendation

Which movie :) ?

Mr. Potatohead!... Mr Potatohead!! Backdoors are not secrets !!!
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

1 recommendation

Re: Which movie :) ?

But your giving away our best tricks!!

exocet_cm
Free at last, free at last
Premium
join:2003-03-23
kudos:3
WarGames. Good movie.

pjhofmann

join:2000-08-22
Cary, NC

Re: Which movie :) ?

Love that movie, came out during my early teens.

That was the best scene of the movie

"Remember when you told me to tell you when you're being rude and insensitive."

Shakes head.

"You're doing it right now."

HA !

newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
kudos:1

Now they'll stay way in droves

D-link has never been in contention for any router purchase I was contemplating.

Thank god for my spidey sense.

Simba7
I Void Warranties

join:2003-03-24
Billings, MT

1 recommendation

dd-wrt or OpenWrt

One reason I utilize dd-wrt/OpenWrt-compatible routers.

BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1
Reviews:
·CableOne

Not all products are affected...

This only effects those routers listed and doesn't effect much of anything else. All of those models listed are already Phased out and no longer developed on. The DIR-100 is still active however is only marketed in the EU. Check with D-Link if your really concerned about this on the phone. I'm sure not all products are affected.

NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless

What is a "later-model" D-Link router

I don't know what either Karl or Justin consider a "later-model" D-Link router, but I just tested the three active D-Link routers on my network (DIR-601-A1, DIR-655-B1, and EBR-2310-C1) for both LAN and WAN access, and none of them paid any attention to the backdoor user-agent.

If you have a D-Link router, and you are concerned about this backdoor revelation, just use a Mozilla based router with a user-agent changer add-on and test it. And if you want to test and make sure that your user-agent is correctly setup, feel free to use my »portscan.dcsenterprises.net/env. ··· nection! on-line html environment test.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1
Reviews:
·CableOne

Re: What is a "later-model" D-Link router

I think it only effects those older models that had this code. It was probably never removed as they when into Phase Out status and wasn't removed or fixed, and most of the other products now days are are different platforms which never had this problem. Thanks for sharing your results.

AnonMe

@comcastbusiness.net

Why is this a problem?

I thought ALL DLink products died 13 months after being out of the box! Every D-Link I have ever owned has crapped out within a year or so of purchasing.

BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1

Re: Why is this a problem?

I have have my DGL-4500 from 2007, still working well for me. I have others too spanning longer than 13 months....Sounds like a user configuration issue to me.

cork1958
Cork
Premium
join:2000-02-26
Never had a single issue with either of the D-Links I've owned either, as far as crapping out anyway.

My sister still uses the first one I bought some 13 years ago, I believe. It does have one bad port on it that doesn't work.

Main reason I went with another brand is to be able to load Tomato on it, which isn't al it used to be cracked up to be anymore either.
--
The Firefox alternative.
»www.mozilla.org/projects/seamonk ··· amonkey/

BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1
I think using 3rd party FW is fun and kewl to check out for us geek people. However one a daily basis for the avg Joe...Might be best to keep OEM FW.

camper
Premium
join:2010-03-21
Bethel, CT
kudos:1
Reviews:
·Comcast

My web server is being scanned...

> If your browser’s user agent string is 'xmlset_roodkcableoj28840ybtide' (no quotes), you can access the web interface without any authentication and view/change the device settings," notes Heffner.
 

 

My web server is being scanned using that agent string. I was wondering why the scans started up all of a sudden....

BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1

Re: My web server is being scanned...

What model router do you have?

HD_Ride
Premium
join:2000-10-18
Jerseyastan

RE: Backdoor D-Link Routers

I had two of their DIR-655 routers, the second was the replacement of the first and both turned out to be huge failures. After 3 -5 days the D-Link firmware would repeatedly lockup. And if that wasn’t enough I purchased a D-Link Ethernet switch and that failed only after a few months of service. Ultimately I ended up with a $60 TP-Link N router and flashed it with dd-wrt. The TP-Link has been up for just about three years and no problems whatsoever. I would suggest to the folks that have D-Link routers to go to the dd-wrt router-database and see if your device supports dd-wrt and use the suggested build of dd-wrt. Then learn how to install it,do the 30/30/30 reset, flash the router, reset again and configure it and then forget about it. D-Link’s firmware should be ranked amongst the worst.

BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1
Reviews:
·CableOne

Re: Backdoor D-Link Routers

I've never had any problems with my DIR-655. Maybe you should try this and see if it helps any: »forums.dlink.com/index.php?topic ··· =54498.0 Post if you want more help. D-Link FW works very well for others. Other variables can cause router problems, not just FW.

HD_Ride
Premium
join:2000-10-18
Jerseyastan

Re: Backdoor D-Link Routers

said by BimmerE38FN:

I've never had any problems with my DIR-655. Maybe you should try this and see if it helps any: »forums.dlink.com/index.php?topic ··· =54498.0 Post if you want more help. D-Link FW works very well for others. Other variables can cause router problems, not just FW.

Thanks but not interested. The ONLY way I’d ever go back to a D-Link router is if my router failed and I received a great deal on a DLink router that was compatible with dd-wrt or tomato. D-Link firmware was an epic failure here TWICE so no reason to go back, plus I like and some of the advanced features not found in retail routers

BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1

Re: RE: Backdoor D-Link Routers

Kewl, Good Luck.