Joel’s Backdoor

Joel's BackdoorA new vulnerability called Joel’s Backdoor has been found in D-Link routers that allows unauthenticated users to gain access to administrator functions. A terrific write-up of the discovery of this vulnerability can be found here.

The vulnerability appears to affect the following D-Link routers

  • DIR-100
  • DIR-120
  • DI-624S
  • DI-524UP
  • DI-604S
  • DI-604UP
  • DI-604+
  • TM-G5240

Additionally, several Planex routers also appear to use the same firmware:

  • BRL-04R
  • BRL-04UR
  • BRL-04CW

The backdoor is activated by setting your browser’s user agent string  to xmlset_roodkcableoj28840ybtide. Why something so strange looking? Read it backwards. Seems like Joel was probably doing some testing of the firmware and didn’t feel like logging in each time, so he put this in. And then probably forgot to take it out. We’ll give him the benefit of the doubt.

Anyway, people who have this router have been acknowledging that yes, it does indeed work.