23rd May, 2018 By Catalin Cimpanu
Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet.
Discovered by Kaspersky Lab researchers, this backdoor grants an attacker access to the device's web panel, and there's no way in which device owners can disable this secret account.
The only way to protect devices from getting hacked is to avoid having the router expose its admin panel on the WAN interface, and hence, reachable from anywhere on the Internet.
To prevent abuse, Kaspersky researchers have refrained from disclosing the backdoor's account username and password.
The backdoor account (CVE-2018-6213) is just one of four vulnerabilities Kaspersky researchers found in the firmware of these devices following a recent security audit. The other three flaws include:
? CVE-2018-6210 - a vulnerability that lets attackers recover Telnet credentials
? CVE-2018-6211 - a flaw that lets attackers execute OS commands via one of the admin panel's URL parameters
? CVE-2018-6212 - a reflected cross-site scripting (XSS) vulnerability in the router's "Quick Search" admin panel field
Full Article.
Backdoor Account Found in D-Link DIR-620 Routers
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.