Security researchers from Tactical Network Solutions warn that hackers can easily gain access to the web interfaced of some D-Link routers due to a vulnerability in the firmware.
The following D-Link routers are said to be impacted: DIR-100, DI-524, DI-524UP, DI-604S, and DI-604UP, DI-604 +, TM-G5240 and possibly some versions of DIR-615. A couple of Planex routers, namely BRL-04UR and BRL-04CW, use the same firewall.
Experts have found that anyone can access a router’s interface without knowing its password simply by changing the browser’s user agent string to “xmlset_roodkcableoj28840ybtide”. A number of users have confirmed being able to reproduce the attack.
It’s uncertain if D-Link is aware of this issue and if the company plans on doing anything about it.
Additional technical details are available on /DEV/TTYS0.