D-Link Routers (Firmware Update)

In October a security researcher discovered a backdoor vulnerability with certain D-Link routers. This vulnerability (CVE-2013-6027) [setting the browsers user agent string to “xmlset_roodkcable0j28840ybtide”] allows cyber criminals to alter a router setting without having a username or password. D-Link has released a new firmware version for the vulnerable routers that patches this vulnerability. The following routers have updates:

  • DIR-100
  • DIR-120
  • DI-524
  • DI-524UP
  • DI-604UP
  • DI-604+
  • DI-624S
  • TM-G5240

As a safety precaution you should not enable th ‘Remote Management’ feature, as you should download and install the relevant updates as soon as possible. D-Link Security Advisory