[AusNOG] Possible DLINK router backdoor
Heinz N
ausnog at equisoft.com.au
Mon Oct 14 17:41:16 EST 2013
"In other words, if your browser's user agent string is
"xmlset_roodkcableoj28840ybtide" (no quotes), you can access the web
interface without any authentication and view/change the device settings"
http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
More :
"Based on the source code of the HTML pages and some Shodan search
results, it can be reasonably concluded that the following D-Link devices
are likely affected: DIR-100 DI-524 DI-524UP DI-604S DI-604UP DI-604+
TM-G5240
Additionally, several Planex routers also appear to use the same firmware:
BRL-04UR BRL-04CW"
More information about the AusNOG
mailing list