Router firm, D-Link, has issued emergency patches to address a firmware vulnerability that could give hackers unauthorised access to a router’s admin settings.
The company has released a number of firmware updates for the DIR-300, DIR-600, DIR-615, DIR-645, DIR-815, DIR-845L, DIR-865L, DSL-320B and DSL-321B after reports of an easily exploited backdoor.
The company said it would release more patches for other models before the end of October, but didn’t say how many might be affected.
"We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed," said D-Link.
The company has advised customers to ignore "unsolicited emails" relating to security flaws, since they could contain malicious links. Customers should also check the security of their wireless networks and, if not already disabled, revoke remote access to their routers.
Backdoor string
The issue came to light after reverse engineer Craig Heffner exposed the backdoor.
Heffner downloaded the v1.13 update for the DIR-100 router "on a whim" and ran a strings analysis on the firmware using Binwalk.
The Binwalk analysis revealed the alpha_auth_check function, which Heffner discovered opened a backdoor into the routers. He found that a user could access the device simply by changing their browser's user agent string, which skipped the router's authentication process and logged the user straight into its admin page.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
