An easy hack that affects D-Link routers has recently been discussed in this article from devttys0.com. The writer of the article, Craig, goes through the steps of how the exploit works in great detail. If you are running a D-Link router in your home or office, should you be worried? We will go over a summary of the exploit here.
What’s the problem?
In a nutshell, if someone is connected to your home or office network they can change the user agent, which tells the website a little bit of information about your computer, giving them access to change the main settings of your D-Link router. The user agent needs to be set to “xmlset_roodkcableoj28840ybtide” which is backwards for “Edit by 04882 Joel Backdoor”, further pointing to this being originally used as a backdoor to the D-Link settings.
Once an attacker is connected to your D-Link settings they can change passwords, network settings and wireless settings. A hardware reset should fix you right up if you are attacked.
How can I check my home/office wifi?
The first thing you want to do is to flip your D-Link router over and check if the model matches any of the following:
DIR-100
DI-524
DI-524UP
DI-604S
DI-604UP
DI-604+
TM-G5240
Several Planex routers also use the same firmware:
BRL-04UR
BRL-04CW
Even if your model number is not listed, there is no guarantee the D-Link or Planex router you are running will not have the same or similar problem. The exploit was tested on a specific version of the D-Link router software but there is no note of it being fixed. The only way to be 100% sure your D-Link device is not affected is to try the exploit explained in the above article yourself, or ask your office/home IT support staff.
What to do if I am running an affected router?
You do have a few options if you are running a D-Link router that could be vulnerable.
1. Make sure the settings of your router are not accessible from the internet. This will help prevent attackers from the internet, but if someone is connected to your wifi or network in your home or office you are still vulnerable.
2. Replace your D-Link router with a model that is not affected. This may be the only guaranteed way to avoid becoming a victim.
Onsite PC Solution is based in San Jose California and provides small and medium sized business IT support.
Read More