5/22/2023 0 Comments D link dir 524 firmware upgrade![]() ![]() Then, in a eureka moment, Joel jumped up and said, 'Don't worry, for I have a cunning plan'!" "The only problem was that the Web server required a username and password, which the end user could change. "Realizing that the Web server already had all the code to change these settings, they decided to just send requests to the Web server whenever they needed to change something. "My guess is that the developers realized that some programs/services needed to be able to change the device's settings automatically," Heffner wrote. Heffner wrote on his blog that the Web interface for some D-Link routers could be accessed if a browser's user agent string is set to xmlset_roodkcableoj28840ybtide.Ĭuriously, if the second half of the user agent string is reversed and the number is removed, it reads "edit by joel backdoor," suggesting it was intentionally placed there. A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device's settings, a serious security problem that could be used for surveillance.Ĭraig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability.
0 Comments
Leave a Reply. |