D-Link issues firmware updates to fix security vulnerability

by George Chetcuti [Published on 5 Dec. 2013 / Last Updated on 5 Dec. 2013]

Do not leave the Remote Management feature enabled if not in use since this will allow malicious users to use this exploit from the internet.

Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be affected, please contact these vendors directly at their regional websites.

Remote Management is default disabled on all D-Link Routers and is included for customer care troubleshooting if useful and the customer enables it.

Read the full advisory here - http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10001

Add Review or Comment

See Also

Featured Links