Multiple routers from D-Link has a vulnerability that could allow attacker to change the configuration, writes Computerworld’s news service.
There are security researcher Craig Heffner of Tactical Network Solutions stumbled over the hole.
In his blog, he notes that the average web user to select routers from D-Link can be accessed by setting the browser’s user-agent text to xmlset_roodkcableoj28840ybtide.
“genius” Joel
The trick with the seemingly random text string: Remove the numbers and read the back. “ Edit by Joel backdoor . ‘
– My guess is that the developer realized that some programs or services need to change the device settings automatically. When they realized that the web server already had all the code needed to change these settings, they decided to just send requests to the web server every time they needed to change something. Only problem was that the web server required username and password, which the user could change. In a ‘Eureka’ moment Joel jumped up and said “do not worry, I have a strategic plan.”, Writes Heffner.
These are affected
The problem with the left is that if an attacker gets hold of certain parts of the settings, all data traffic is set up to go through a rogue server and then all traffic is read and logged.
models in terms of the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604 +, TM-G5240 and possibly DIR-615. The same computer software is also used in Planex ‘routers BRL-04UR and BRL-04CW, according to Heffner. D-Link has not yet commented Heffner findings to our news service.
No comments:
Post a Comment