Wednesday 30 August 2017

D-Link routers allows unrestricted access to configuration page

A frightening new vulnerability has been discovered in D-Link's older routers. Discovered by /dev/ttyS0, a website dedicated to embedded device hacking, the vulnerability could potentially let anyone get access to one's router configurations. It was discovered when one of the writers at /dev/ttyS0 reverse-engineered a firmware update that was released by D-Link.

One of the affected DLINK router
The vulnerability allows a potential hacker to get full access to the router's configuration page, even if the hacker doesn't know the username or password for it. This is achieved by setting your browser's user-agent to a certain string. With this, the modem skips authentication, and simply logs you in to the router.

Read more:
source: FIRSTPOST