
Backdoor Accounts, Security Vulnerabilities Found In D-Link DIR-620 Routers



Kaspersky Labs identified two hardcoded backdoor accounts and two security flaws in D-Link DIR-620 routers.

Despite being a terrible security practice, it's actually not that uncommon for router or surveillance camera companies to have hardcoded default credentials in their devices. Besides the potential for abuse from the companies themselves, this practice exposes users to all sorts of attackers, from botnet owners to nation states. The hardcoded credentials make it trivial to hack these devices once attackers learn about them.

According to Kaspersky's researchers, the hardcoded account cannot be changed by the routers' administrators. This probably means it was never meant to be seen by users and that the account is purposely made to allow D-Link employees to remotely log in to the routers. Kaspersky also discovered yet another backdoor account for Telnet, which could have given attackers administrative access to the routers.

One of the vulnerabilities Kaspersky found in D-Link's DIR-620 routers allows for a cross-site scripting (XSS) attack. The D-Link developers seem to have missed filtering certain special characters, which allows attackers to deliver an exploit by sending malicious code to the routers. Another vulnerability is an operating system command injection, which is the result of incorrect processing of input data.

D-Link Needs To Step Up Its Security Game

Although the two vulnerabilities are not too sophisticated, and D-Link developers should have been able to dodge them, the bigger issue is the hardcoded backdoor accounts. After many years, or decades even, of seeing such accounts being taken over by attackers, D-Link should have known better than to have them in its routers.

Kaspersky researched the DIR-620 because it is a common router used by millions of people in Russia: it is sold directly to ISPs, which then give it to their customers. However, as D-Link uses the same firmware on multiple router line-ups, it's possible the same type of vulnerabilities exist in other D-Link routers, too.
