Backdoor in D-Link routers found, making it possible for anyone to access it

Mave · Oct 14, 2013

Backdoor in D-Link routers found, making it possible for anyone to access your router without any credentials

http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/?

In other words, if your browser’s user agent string is “xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web interface without any authentication and view/change the device settings (a DI-524UP is shown, as I don’t have a DIR-100 and the DI-524UP uses the same firmware):

xmlset_roodkcableoj28840ybtide backwards = Edit by 04882 joel backdoor

ThePro · Oct 16, 2013

Joel's gonna get fired.

Stybar · Oct 16, 2013

Hang on, I'm gonna have some with this. A lot of people in my dorm have a D-Link wifi router.
Que evil laughtrack.

Mave · Oct 16, 2013

Stybar said:
Hang on, I'm gonna have some with this. A lot of people in my dorm have a D-Link wifi router.
Que evil laughtrack.

Keep us updated.

Backdoor in D-Link routers found, making it possible for anyone to access it

Mave

TMS Founder

ThePro

Well-Known Member

Stybar

Yeah, groupsex seems to be the way to go

Mave

TMS Founder