Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] D-Link Backdoor

Pranesh Prakash pranesh at
Fri Nov 1 08:10:29 PDT 2013


"In other words, if your browser’s user agent string is
“xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web
interface without any authentication and view/change the device settings".

It seems it was put in through stupidity, rather than malice.  Though,
it could be used for malicious purposes too, as seen in this
proof-of-concept code:


~ Pranesh

Pranesh Prakash
Policy Director
Centre for Internet and Society
T: +91 80 40926283 | W:
PGP ID: 0x1D5C5F07 | Twitter: @pranesh_prakash
Postgraduate Associate & Access to Knowledge Fellow
Information Society Project, Yale Law School
T: +1 520 314 7147 | W:

More information about the liberationtech mailing list