A new backdoor vulnerability has been discovered in D-Link modem routers. The vulnerability allows a potential hacker to gain access to the configuration page of the router, even without knowing the username and password.
The vulnerability was recently discovered when a security researcher recently reverse engineered a firmware update meant for the D-Link router. To be able to break into the configuration page, all one needs to do is set the user-agent of browser to a given string. Once this is done, the D-Link modem will stop authenticating functions.
As a result, you will be able to access the router directly and tweak any settings that you wish to change. A slight compensation is that a hacker will need to be connected to the same router in order to access the settings. However, if the router is publicly accessible, it is possible for the hacker to even access it over internet and modify the settings remotely.
For now, it is confirmed that the firmware update 1.13 contains this vulnerability. Not only that, a number of D-Link router also come with this security loophole. The affected models include DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240.
Most of the aforementioned routers are already being phased out and only a few of them are used any more. D-Link hasn’t officially responded to the situation yet, so we will have to wait and see if the company dishes out a patch for this exploit.
Courtesy: Tech Geek