[TriLUG] If you run a D-Link router you may want to check this out - major hole!

Chuck Peters cp at axs.org
Wed Nov 20 22:34:53 EST 2013


On 11/20/2013 01:21 PM, Mike Shaw wrote:
> I came across this info in my weekly podcast shuffle and thought I might
> give everyone a heads up just in case they have a D-Link router mentioned
> and are running stock firmware:
>
> http://youtu.be/9W2BORQOE7M
>
> If you have one and are running stock firmware you might want to update
> your firmware.  :)
The video mentioned above interviews Craig Heffner, tacnetsol.com, and
he blogged about the issue at devttyS0:
http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/#more-1662

The issue can be exploited with a browser string
xmlset_roodkcableoj28840ybtide, and a quick test was posted in the blog
comments:
wget -U ‘xmlset_roodkcableoj28840ybtide’ http://x.x.x.x/public/

We have an old DI-624 which has a later version of firmware that isn't
susceptible to this particular issue. I really do need to setup hostapd
and stop using the old thing...


Chuck


More information about the TriLUG mailing list