D-Link is tending to the router backdoor security issue that affects some of its routers, D-Link routers reportedly have an issue that makes them susceptible to unauthorized backdoor access.
This is began on Saturday night, when it was discovered by Craig Heffner. Mr.Craig Heffner is the specialized researcher on the embedded device hacking.
He had demonstrated the presence of a backdoor within some D-Link routers that allows an attacker to access the administration web interface of network devices without any authentication and view/change its settings. He found the backdoor inside the firmware v1.13 for the DIR-100 revA. Craig found and extracted the SquashFS file system loading firmware’s web server file system (/bin/webs) into IDA. Heffner, who worked on a D-Link DIR 100 to explore the vulnerability, explored further and said that, in total, seven different D-Link models of routers could be vulnerable.
The BBC noted that Heffner's analysis revealed a string of letters that, if used in a certain way, could unlock remote access. To see which other router models might have the same backdoor vulnerability, Heffner used a special search engine, Shodan. Heffner concluded that the same string could work on a total of seven D-Link router types, based on source code of the HTML pages and search results.
The Craig's attention was captured by a modified version of httpd, the httpd-alphanetworks/2.23, implemented to provide the rights to the administrative interface for the router. A spin-off company of D-Link, analyzing it Craig found many custom functions characterized by a name starting with suffix “alpha” including the alpha_auth_check.
D-Link had stated regaring this on their website that it is releasing firmware updates to address the vulnerability in affected routers. "Security and performance is of the utmost importance to D-Link across all product lines.
D-Link is presently working with Heffner and other researchers to learn more about the vulnerability. D-Link said it is also continuing to review its entire product line to make sure vulnerabilities are addressed
D-link said below words on their website statement.
"We are proactively working with the sources of these reports,"
D-Link already had posted a number of patches it was making available to address the vulnerability. The page is titled "Update on Router Security issue." The company said that "Various media reports have recently been published relating to vulnerabilities in network routers, including D-Link devices." and they are released the few firmware updates for the DIR-300, DIR-600, DIR-615, DIR-645, DIR-815, DIR-845L, DIR-865L, DSL-320B and DSL-321B.
D-Link will update this continually and we strongly recommend all users to install the relevant updates.
D-Link suggests that customers ignore unsolicited emails that relate to security vulnerabilities and prompt them to action. Customers should also make sure their network is secure, and disable remote access to the router if it's not required.
This is began on Saturday night, when it was discovered by Craig Heffner. Mr.Craig Heffner is the specialized researcher on the embedded device hacking.
He had demonstrated the presence of a backdoor within some D-Link routers that allows an attacker to access the administration web interface of network devices without any authentication and view/change its settings. He found the backdoor inside the firmware v1.13 for the DIR-100 revA. Craig found and extracted the SquashFS file system loading firmware’s web server file system (/bin/webs) into IDA. Heffner, who worked on a D-Link DIR 100 to explore the vulnerability, explored further and said that, in total, seven different D-Link models of routers could be vulnerable.
The BBC noted that Heffner's analysis revealed a string of letters that, if used in a certain way, could unlock remote access. To see which other router models might have the same backdoor vulnerability, Heffner used a special search engine, Shodan. Heffner concluded that the same string could work on a total of seven D-Link router types, based on source code of the HTML pages and search results.
The Craig's attention was captured by a modified version of httpd, the httpd-alphanetworks/2.23, implemented to provide the rights to the administrative interface for the router. A spin-off company of D-Link, analyzing it Craig found many custom functions characterized by a name starting with suffix “alpha” including the alpha_auth_check.
D-Link had stated regaring this on their website that it is releasing firmware updates to address the vulnerability in affected routers. "Security and performance is of the utmost importance to D-Link across all product lines.
D-Link is presently working with Heffner and other researchers to learn more about the vulnerability. D-Link said it is also continuing to review its entire product line to make sure vulnerabilities are addressed
D-link said below words on their website statement.
"We are proactively working with the sources of these reports,"
D-Link already had posted a number of patches it was making available to address the vulnerability. The page is titled "Update on Router Security issue." The company said that "Various media reports have recently been published relating to vulnerabilities in network routers, including D-Link devices." and they are released the few firmware updates for the DIR-300, DIR-600, DIR-615, DIR-645, DIR-815, DIR-845L, DIR-865L, DSL-320B and DSL-321B.
D-Link will update this continually and we strongly recommend all users to install the relevant updates.
D-Link suggests that customers ignore unsolicited emails that relate to security vulnerabilities and prompt them to action. Customers should also make sure their network is secure, and disable remote access to the router if it's not required.
No comments:
Post a Comment