Backdoor in D-Link router found

MalwareVirus


All right. It’s Saturday night, I have no date, a two-liter bottle of Shasta and my all-Rush mix-tape…let’s hack.

On a whim I downloaded firmware v1.13 for the DIR-100 revA. Binwalk quickly found and extracted a SquashFS file system, and soon I had the firmware’s web server (/bin/webs) loaded into IDA:
Based on the source code of the HTML pages and some Shodan search results, it can be reasonably concluded that the following D-Link devices are likely affected:

DIR-100
DI-524
DI-524UP
DI-604S
DI-604UP
DI-604+
TM-G5240

Additionally, several Planex routers also appear to use the same firmware:

BRL-04UR
BRL-04CW

You stay classy, D-Link.

Source
 
Update
D-Link is in the process of developing a patch for a serious security vulnerability in some of its older routers that essentially functions as a backdoor. The bug, discovered by a security researcher and publicized over the weekend, enables a remote user to log into an affected router as an administrator and take whatever actions he pleases.
Why the backdoor is present in the routers is a major question. Hardware manufacturers in the past, when confronted with similar questions, have said that they sometimes include such functionality for remote support or as a debugging mechanism during the development process and then mistakenly forgot to remove it. Heffner said that another researcher, Travis Goodspeed, suggested a possible reason for the presence of the D-Link backdoor.

Source
 
