Skip Navigation

Backdoor found in D-Link routers
Tuesday 15 October 2013 20:37:14 by Andrew Ferguson

D-Link is not having a good time, as the media has been busy highlighting a backdoor left in its router firmware that could potentially allow anyone to change router settings or upgrade the firmware to do whatever they wrote it to do.

The routers affected are consumer devices the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and the TM-G5240 and two Planex devices (BRL-04UR and BRL-04CW) that share the same firmware codebase also have the vulnerability.

D-Link appear to be saying that a new firmware update to patch the hole will be available by the end of October, which is a very long time to fix a security issue that is now so widely known, and there are some indications that someone may have spotted the flaw some three years ago.

If you have one of the affected D-Link routers, then the immediate steps to take are to double check that remote access to the router is disabled, this should be disabled by default. There is a D-Link page listing what appears to be new firmware for some routers, with some of these versions dating back to February 2013, not all the models affected have new firmware yet. Which raises a question as to why if D-Link knew about this backdoor it has not moved to release updates to all the affected devices.

Probably the biggest risk currently is that phishing emails will now be crafted, if you get any emails pertaining to D-Link backdoor, then the rule of delete and ignore is the best policy and only download new firmware versions from sites hosted by D-Link.


Posted by Apilar over 3 years ago
The advice should be to disable WAN access to the web interface.
Posted by herdwick over 3 years ago
are these all "cable routers" with ethernet WAN ??
Posted by burakkucat over 3 years ago
No. They have xDSL WAN connections.
Posted by michaels_perry over 3 years ago
the affected routers are not confined to those listed. My brother has a D-Link router not on the list but it has the same vulnerability. It's 5 years old now so do they think routers are replaced more frequently than that? In the real world they are only replaced when they fail.
My advice if you have ANY D-Link router is to check the settings and disable the remote features.
Posted by francisuk20 over 3 years ago
One word if you can "DD-WRT"
You must be logged in to post comments. Click here to login.