Router back-doors appear to be one of the latest areas of focus, and several have been found that leave networks open to unauthorized access and control.

Reminds me of the saying: Be very glad that your PC (adding your Network) is insecure.

D-Link and Planex

Several D-Link and Planex routers were the highlight of the back-door topic this week: an easy-to-exploit backdoor was found that lets attackers take complete control of the administration section, and hence of your network.

Security researcher Craig Heffner originally highlighted this vulnerability on his website /dev/ttyS0 after reverse-engineering the firmware of a D-Link router (ver.1.13). He discovered a magic string (“xmlset_roodkcableoj28840ybtide”) hard-coded into the software; if it is set directly as the browser User-Agent, it authorizes a remote administration session, bypassing the login procedure (it seems to have been originally designed for remote support and updates).

The affected D-Link routers with the above-mentioned firmware version are:

  • DIR-100
  • DIR-120
  • DIR-615
  • DI-624S
  • DI-524UP
  • DI-604S
  • DI-604UP
  • DI-604+
  • TM-G5240

And from the Planex routers we have:

  • BRL-04UR
  • BRL-04CW

D-Link seems to be releasing firmware updates to fix this vulnerability.
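A log check for the User-Agent bypass described above, as an added example that is not from the original article or from Craig Heffner's analysis. It assumes an HTTP proxy or sensor in front of the router's web interface that writes Combined Log Format; the sample lines, addresses and paths are constructed.

```python
import re

# Hard-coded User-Agent value quoted in the write-up above.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Combined Log Format: src ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation addresses, generic paths), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2013:09:12:01 +0000] "GET / HTTP/1.1" 401 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [14/Oct/2013:09:13:44 +0000] "GET /admin HTTP/1.1" 200 8841 "-" "xmlset_roodkcableoj28840ybtide"',
    '203.0.113.5 - - [14/Oct/2013:09:15:02 +0000] "GET /admin HTTP/1.1" 401 512 "-" "xmlset_roodkcableoj28840ybtide"',
    'truncated line without the expected fields',
]


def find_backdoor_requests(lines):
    """Return (alerts, unparsed): requests carrying the backdoor User-Agent,
    plus lines that could not be parsed and need manual review."""
    alerts, unparsed = [], []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            unparsed.append(line)
            continue
        if BACKDOOR_UA not in m["ua"]:
            continue
        status = int(m["status"])
        alerts.append({
            "src": m["src"],
            "time": m["time"],
            "request": m["request"],
            "status": status,
            # Heuristic: a 2xx answer to this User-Agent means the device served
            # the page, so treat it as affected until the firmware is updated.
            "verdict": "accepted" if 200 <= status < 300 else "rejected",
        })
    return alerts, unparsed


if __name__ == "__main__":
    hits, skipped = find_backdoor_requests(SAMPLE_LOG)
    for hit in hits:
        print(f'{hit["time"]} {hit["src"]} "{hit["request"]}" -> {hit["status"]} ({hit["verdict"]})')
    print(f"{len(skipped)} unparsed line(s)")
```

Any hit is worth investigating regardless of verdict, since no ordinary browser sends this User-Agent.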

From China, With Love

An interesting title for Craig Heffner’s article on his continued reverse engineering of router firmware and back-doors. In this article, Craig reverse-engineered a router of Chinese origin, courtesy of Tenda.

This one shows that D-Link and Planex are not the only vulnerable vendors; other router manufacturers are implementing back-doors in their firmware too. The analyzed firmware, for Tenda’s W302R wireless router, showed that a simple UDP packet can lead to unauthorized access. As Craig explained, it is exploitable from the LAN only, not the WAN, yet it can be exploited from wireless networks with WPS enabled using a brute-force attack.

Oh sorry we didn’t mean to put a backdoor on our products. We will release a fix having a different one.

>> Related and Original Articles: