A backdoor security vulnerability has been discovered in several D-Link routers that could allow an attacker to take control of devices and spy on users' browsing activity.
The issue was discovered and reported by Craig Heffner, a vulnerability researcher with Tactical Network Solutions, who writes in a blog post that an attacker could gain remote access to a router when using a string of letters in the right order.
Heffner, who discovered the flaw hidden deep within D-Link's firmware code, writes: "If your browser's user agent string is 'xmlset_roodkcableoj28840ybtide' (no quotes), you can access the web interface without any authentication and view/change the device settings."
Heffner says affected models likely include D-Link's DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240 and the DIR-615. He also points out that Planex Communication's BRL-04UR and BRL-04CW models may be affected as they appear to use the same firmware.
Updated firmware
D-Link has responded to the claim in a note on its website, writing: "We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.
"We will continue to update this page to include the relevant product firmware updates addressing these concern."
The company added that users should check that their wireless network is secure, disable remote access to the router if not required (this is the default setting) and ignore unsolicited emails related to security vulnerabilities.
