D-Link has finally released a patch to fix a serious vulnerability in a number of routers that allows a hacker to remotely change the settings.
The vulnerability was originally discovered back in October by Tactical Network Solutions vulnerability researcher Craig Heffner, who specializes in wireless and embedded systems. He reverse engineered a previous firmware update and saw that the vulnerability grants full access into the configuration page without the need for a username and password.
"Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string," reads the patch overview. "This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be affected; please contact these vendors directly at their regional websites."
Heffner discovered that if a browser's user agent string is set to "xmlset_roodkcableoj28840ybtide," hackers can gain access to these routers if connected to the network via Ethernet or wireless, or if the router's configuration page is publicly accessible. When reversed and the numbers removed, this string actually reads "edit by joel backdoor" as if the "backdoor" in the routers' firmware was intentionally placed.
"The so-called backdoor was implemented in these six older products as a failsafe for D-Link technical repair service to retrieve router settings for customers in case of firmware crashes that would result in lost configuration information," a company spokesperson told Bit-Tech back in October.
The firmware update was reportedly slated for a late October release but instead saw a slight delay. Models affected by the "backdoor" problem include DIR-100, DIR-120, DI-524, DI-524UP, DI-604UP, DI-604+, DI-624S, and TM-G5240. This new firmware is expected to lock those backdoors once and for all.
“Security and performance is of the utmost importance to D-Link across all product lines," a company rep previously stated. "This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards.”
D-Link previously suggested that customers should make sure their network is secure, and disable remote access to the router if it's not required. Customers should also ignore unsolicited emails that relate to security vulnerabilities and prompt them to action. For more information about the new firmware, head here.