Backdoor in D-Link routers that includes telnet access

Tomcat

In some models of D-Link wireless routers, a backdoor (CVE-2024-6045) has been identified that allows an unauthorized user from the local network to activate the telnet service on the device, which provides access to the system with administrator rights, using the username and password saved in the firmware. The service is enabled by accessing the device using a special URL that is accessible without passing authentication. The password can be determined by analyzing the contents of publicly available firmware. It is assumed that the backdoor was used to automate testing of devices during the production phase.

The issue affects the D-Link device models E15, E30, G403, G415, G416, M15, M18, M30, M32, M60, R03, R04, R12, R15, R18, and R32. The vulnerability is fixed in firmware update 1.10.01 for models G403, G415, G416, M18, R03, R04, R12, R18, firmware 1.10.02 for models E30, M30, M32, M60, R32 and in firmware 1.20.01 for models E15 and R15.
 

Tomcat

CVE-2024-6045: Embedded backdoor detected in millions of D-Link routers

Administrator privileges give hackers unlimited access to compromised devices.

A critical vulnerability has been discovered in several models of D-Link wireless routers that allows attackers to gain administrative access to devices without authentication. Vulnerability CVE-2024-6045 has a high risk level with a CVSS score of 8.8.

According to TWCERT representatives, the problem is caused by an undisclosed built-in test backdoor in specific models of D-Link routers. Attackers can activate the Telnet service using a specific URL, as well as obtain administrator credentials by analyzing the router's firmware. A successful attack gives you full control over the compromised device.

The list of vulnerable router models includes: E15, E30, G403, G415, G416, M15, M18, M30, M32, M60, R03, R04, R12, R15, R18, R32.

D-Link has released firmware updates to address this vulnerability. Users of these models are advised to immediately update the firmware to the latest version to protect against potential exploitation of the vulnerability.

The current secure firmware version for each affected model is listed below:
  • Models G403, G415, G416, M18, R03, R04, R12, R18: version 1.10.01 and later;
  • Models E30, M30, M32, M60, R32: version 1.10.02 and later;
  • Models E15, R15: version 1.20.01 and later.

Users should immediately apply these firmware updates to protect their devices from attacks. Regularly checking and updating the router firmware is an important measure to ensure the security of network devices.
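An added example, not part of the original posts: a small inventory audit that checks device models and firmware versions against the fixed versions listed above. The CSV column names (`host`, `model`, `firmware`), the status labels and the sample inventory are assumptions constructed for illustration.

```python
import csv
import io

# Minimum fixed firmware per model, as listed in the post above.
FIXED = {}
for models, version in (
    ("G403 G415 G416 M18 R03 R04 R12 R18", "1.10.01"),
    ("E30 M30 M32 M60 R32", "1.10.02"),
    ("E15 R15", "1.20.01"),
):
    for m in models.split():
        FIXED[m] = version
# M15 is listed as affected, but the post gives no fixed version for it.
AFFECTED_NO_FIX_LISTED = {"M15"}

def parse_version(text):
    """'1.10.01' -> (1, 10, 1). Numeric compare avoids the string bug '1.9' > '1.10'."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(model, firmware):
    """Classify one device; status labels are this example's own."""
    model = model.strip().upper()
    if model in AFFECTED_NO_FIX_LISTED:
        return "AFFECTED_NO_FIX_LISTED"
    if model not in FIXED:
        return "NOT_LISTED"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "UNKNOWN_VERSION"  # treat as unverified, not as patched
    return "PATCHED" if current >= parse_version(FIXED[model]) else "VULNERABLE"

def audit(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], r["model"], assess(r["model"], r["firmware"])) for r in rows]

# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE = """host,model,firmware
192.0.2.10,R15,1.20.01
192.0.2.11,M30,1.9.05
192.0.2.12,g416,1.10.00
192.0.2.13,M15,1.10.01
192.0.2.14,E30,unknown
192.0.2.15,DIR-999,1.00
"""

if __name__ == "__main__":
    for host, model, status in audit(SAMPLE):
        print(f"{host:<12} {model:<8} {status}")
```

Devices reported as `VULNERABLE`, `UNKNOWN_VERSION` or `AFFECTED_NO_FIX_LISTED` are the ones to check by hand against the vendor's advisory.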
 