D-Link Releases Router Firmware Updates for backdoor vulnerability

In October, A Security researcher ‘_Craig _____Heffner’ discovered a backdoor vulnerability (CVE-2013-6027) with certain D-Link routers that allow cyber criminals to alter a router setting without a username or password.

Last week, D-Link has released new version of Firmware for various vulnerable router models, that patches the unauthorized administrator access backdoor.

Heffner found that the web interface for some D-Link routers could be accessed if the browser’s user agent string is set to xmlset_roodkcableoj28840ybtide.

From last month, D-Link was working with Heffner and other security researchers, to find out more about the backdoor and now the Company has released the updates for the following models:

• DIR-100
• DIR-120
• DI-524
• DI-524UP
• DI-604UP
• DI-604+
• DI-624S
• TM-G5240

The company advised users to do not enable the _Remote Management _feature, since this will allow malicious users to use this exploit from the internet and also warned to ignore unsolicited emails:

> If you receive unsolicited e-mails that relates to security vulnerabilities and prompt you to action, please ignore it. When you click on links in such e-mails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.

NMAP script was also released last month to scan and find the vulnerable routers, you can download it for testing purposes and a Python based proof of concept exploit was also published on pastebin.

Readers strongly recommend to download and install the relevant updates as soon as possible for their network Security and make sure that your wireless network is secure.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.