Reverse Engineering a D-Link Backdoor
The article is a bit technical, but the bottom line is this: there’s a giant backdoor in many D-Link Wi-Fi routers!
In other words, if your browser’s user agent string is “xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web interface without any authentication and view/change the device settings (a DI-524UP is shown, as I don’t have a DIR-100 and the DI-524UP uses the same firmware):
Based on the source code of the HTML pages and some Shodan search results, it can be reasonably concluded that the following D-Link devices are likely affected:
Additionally, several Planex routers also appear to use the same firmware:
Read the full article @ /dev/ttyS0.

Tags: backdoor, dlink, security, wifi
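To check whether anyone has sent the user agent string quoted above to a device on your network, the following added example (not code from the original article or from D-Link) scans HTTP access logs for it. It assumes a proxy or sensor in front of the router that writes Combined Log Format; the sample log lines, IP addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict

# User agent value quoted in the article above.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Combined Log Format: ip ident user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"\s*$'
)

def find_backdoor_requests(lines):
    """Return {source_ip: [(time, method, path, status), ...]} for requests
    whose User-Agent contains the backdoor string."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        if BACKDOOR_UA in m.group("ua"):
            hits[m.group("ip")].append(
                (m.group("time"), m.group("method"), m.group("path"),
                 int(m.group("status")))
            )
    return dict(hits)

def successful_sources(hits):
    """Source IPs that received at least one 2xx response while sending the
    backdoor user agent (heuristic: the request was served, not rejected)."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= r[3] < 300 for r in reqs))

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Oct/2013:09:12:01 +0000] "GET /index.htm HTTP/1.1" 401 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [14/Oct/2013:09:12:09 +0000] "GET /index.htm HTTP/1.1" 200 4310 "-" "xmlset_roodkcableoj28840ybtide"',
    '203.0.113.20 - - [14/Oct/2013:10:01:44 +0000] "GET /status.htm HTTP/1.0" 404 0 "-" "xmlset_roodkcableoj28840ybtide"',
    '192.0.2.15 - admin [14/Oct/2013:10:05:00 +0000] "GET /index.htm HTTP/1.1" 200 4310 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    'not a log line',
]

if __name__ == "__main__":
    found = find_backdoor_requests(SAMPLE_LOG)
    for ip, reqs in sorted(found.items()):
        for when, method, path, status in reqs:
            print(f"{ip} [{when}] {method} {path} -> {status}")
    print("served without rejection:", successful_sources(found))
```

A hit with a 2xx status from an address outside your management network is the case to investigate first; a device whose web interface is not reachable from the WAN side should never produce such entries from external sources.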