Release date:
Updated on:
Affected Systems:
D-Link DI-524
D-Link DIR-100 1.13
D-Link DI-524UP
D-Link DI-604S
D-Link DI-604UP
D-Link DI-604 +
D-Link TM-G5240
Description:
--------------------------------------------------------------------------------
D-Link DIR-100 is a small Broadband Router integrated with firewall functionality.
DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604 +, TM-G5240 and several Planex router BRL-04UR and BRL-04CW, with backdoor vulnerabilities in firmware v1.13, if the browser's user proxy string is "xmlset_roodkcableoj28840ybtide" (no quotation marks), you can access the Web interface of the vro without authentication to view or change the affected device settings.
<* Source: Craig
Link: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
Http://www.solidot.org/story? Sid = 1, 36791
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
D-Link
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.dlink.com/