D-Link Routers Have Backdoor, Allows Full Exploitation

A post on the web site /dev/ttyS0 has outed a backdoor in several D-Link routers. The affected routers are mostly end of life by D-Link and are the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240. There is a possibility that other devices may be affected to include a DIR-615 that was sold by Virgin Mobile.

According to /dev/ttyS0 the backdoor may be an unintended feature in the firmware. D-Link or an associated firm decided to use the web server to post dynamic DNS or other dynamic changes to the device configuration. This also allows the router to be fully exploited for the Internet.

More great news is that Shodan shows over 2,516 devices that are on the known exploitable list ready to be “tested.”

Post by Protocol 46