16 D-Link routers with backdoor (CVE-2024-6045)

madires:
D-Link forgot to remove the debugging backdoor (CVE-2024-6045):
- Taiwanese CERT: https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
- D-Link's Security Announcement: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
- affected routers: E15, E30, G403, G415, G416, M15, M18, M30, M32, M60, R03, R04, R12, R15, R18, R32

Karel:

--- Quote from: madires on June 20, 2024, 11:41:44 am ---D-Link forgot to remove the debugging backdoor

--- End quote ---

How do you know that they didn't do it on purpose, hoping that nobody would notice?
Or do you simply assume that they are not evil?

madires:
Most likely we'll never know. >:D However, based on their track record I tend towards 'forgot to remove'.

Monkeh:

--- Quote from: Karel on June 20, 2024, 12:48:15 pm ---
--- Quote from: madires on June 20, 2024, 11:41:44 am ---D-Link forgot to remove the debugging backdoor

--- End quote ---

How do you know that they didn't do it on purpose, hoping that nobody would notice?
Or do you simply assume that they are not evil?

--- End quote ---

Simple incompetence explains the behaviour of these companies adequately on many levels, not merely their security failings.

Karel:

--- Quote from: Monkeh on June 20, 2024, 01:18:19 pm ---
--- Quote from: Karel on June 20, 2024, 12:48:15 pm ---
--- Quote from: madires on June 20, 2024, 11:41:44 am ---D-Link forgot to remove the debugging backdoor

--- End quote ---

How do you know that they didn't do it on purpose, hoping that nobody would notice?
Or do you simply assume that they are not evil?

--- End quote ---

Simple incompetence explains the behaviour of these companies adequately on many levels, not merely their security failings.

--- End quote ---

I'm not convinced. If it wasn't meant to stay, why did they try to hide it?

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor.
Unauthenticated attackers on the local area network can force the device to enable
Telnet service by accessing a specific URL and can log in by using the administrator
credentials obtained from analyzing the firmware.
