Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] D-Link Backdoor

Pranesh Prakash pranesh at cis-india.org
Fri Nov 1 08:10:29 PDT 2013


<http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/>

"In other words, if your browser’s user agent string is
“xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web
interface without any authentication and view/change the device settings".

It seems it was put in through stupidity, rather than malice.  Though,
it could be used for malicious purposes too, as seen in this
proof-of-concept code:

<http://pastebin.com/vbiG42VD>

~ Pranesh

-- 
Pranesh Prakash
Policy Director
Centre for Internet and Society
T: +91 80 40926283 | W: http://cis-india.org
PGP ID: 0x1D5C5F07 | Twitter: @pranesh_prakash
--------------------
Postgraduate Associate & Access to Knowledge Fellow
Information Society Project, Yale Law School
T: +1 520 314 7147 | W: http://yaleisp.org



More information about the liberationtech mailing list