D-Link router backdoor vulnerability fix in the works

Over the weekend, researcher Craig Heffner of Tactical Network Solutions revealed that a fairly simple hack would allow certain D-Link routers to be breached, bypassing the authentication process and leaving one's data open to snooping. Presently, there's no way to patch the issue, but now D-Link has come forward stating that it will have a solution by the end of this month.

The vulnerability lies with a backdoor in the firmware. If a hacker sets their browser to a specific user agent string, they'll be able to access the router's web panel without entering a username and password. From there, the password can be changed or removed and other settings can be changed to suit the hacker's need. The odds are the router's owner wouldn't notice that something was up (unless the password was changed, obviously).

Giving the vulnerability an interesting side, the user agent string when read in reverse says, "edit by 04882 joel backdoor." No word has been given about when the backdoor surfaced in the firmware, nor has D-Link provided its own list of affected routers. In an emailed statement, the company said that the fix will come by way of a firmware update that will be made available on the company's support website.

While all affected routers are vulnerable until updated with the new firmware, D-Link is advising users to make sure there's a password in place and that the remote access feature is turned off, something that will make the infiltration process harder. Once the update is available, users with the vulnerable routers (of which an official list is not yet available) are encouraged to update immediately.

SOURCE: Computerworld