Researcher Uncovers Backdoor Vulnerability in D-Link Routers

October 14, 2013 – 4:47 PM

A security researcher this weekend discovered a backdoor vulnerability with certain D-Link routers that might allow cyber criminals to alter a router’s setting without a username or password.

In a note on its website, D-Link said it is “proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.”

The glitch was discovered by Craig Heffner from Tactical Network Solutions. He charted the hack in a technical blog post published on Saturday, but what it boils down to is a vulnerability that lets scammers “access the web interface without any authentication and view/change the device settings.”

According to PC World, D-Link plans to release a firmware update for the problem by the end of the month. D-Link did not immediately respond to a request for comment.

As the site noted, the discovery is problematic because an attacker could, for example, change the DNS settings on a router and redirect users to malicious websites.

Source:
http://www.pcmag.com/article2/0,2817,2425728,00.asp?kc=PCRSS03069TX1K0001121