D-Link and Planex Home Routers Have Backdoors

A security researcher revealed that seven different models of D-Link and Planex home routers have backdoors that are easy to penetrate.

Craig Heffner, a Vulnerability Researcher with Tactical Network Solutions in Columbia, MD posted on his blogthat he had discovered backdoors using software reverse-engineering to manipulate a D-Link DIR-100 router. By thoroughly analyzing the code, a string of letters has been exposed. If a person knows how to use these letters correctly, he can unlock remote access to the gadget and have undocumented access.

However, good to say for now, the backdoor seemed to be unexposed “in the wild” yet.

D-Link admitted this issue and said that a fix would be readily available by the end of October.

Planex, on the other hand, has not given comments yet about this issue as of press time.

"My guess is that the developers realized that some programs/services needed to be able to change the device's settings automatically," Heffner wrote. "Realizing that the web server already had all the code to change these settings, they decided to just send requests to the web server whenever they needed to change something.

The same decoding technique was applicable to seven types of D-Link r outers including DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240 and two types of Planex namely BRL-04UR and BRL-04CW.

D-Link said in a press release that they are working with Heffner and other security researchers to discover more backdoors. They also claimed they are reviewing their other products to see if their other models have backdoors also.

It added that an update, which will seal the backdoor, for its firmware, the software that runs the router, will be released as soon as possible. The company advised users to disable remote access to their router if it’s not really needed and to be cautious at all times.