Comments on: My firewall was a security risk

By: Tomi Engdahl

Tomi Engdahl — Mon, 15 Feb 2016 17:29:27 +0000

D-link DIR-100 UART
http://hwmayer.blogspot.fi/2010/09/d-link-dir-100-uart.html

First thing that I’ve wanted to do was to add a serial port connector to see what’s running inside it. After opening the case it was easy to find the UART pins on the PCB, as they looked similar as in other D-Link devices.

Reverse Engineering a D-Link Backdoor
http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

By: Tomi Engdahl

Tomi Engdahl — Mon, 15 Feb 2016 17:28:37 +0000

D-Link DIR-100 rev A
https://wikidevi.com/wiki/D-Link_DIR-100_rev_A

xmlset roodkcableoj28840ybtide
https://wikidevi.com/wiki/Xmlset_roodkcableoj28840ybtide

By: Tomi Engdahl

Tomi Engdahl — Wed, 12 Feb 2014 11:26:17 +0000

My old DIR-100 firewall also seemed to have also same backdoor vulnerability as this one
http://www.epanorama.net/newepa/2013/10/15/d-link-firewall-teardown-and-vulnerability/

I had fixed that in time by disabled by disabling management though WAN port (which is always a good idea unless you absolutely need it).

By: Tomi Engdahl

Tomi Engdahl — Tue, 11 Feb 2014 16:49:05 +0000

It seems that there has been several different versions of DIR-100 on market, each needing
different firmware software. I seem to have oldest revision RevB and newest firmware for it.
http://ftp.dlink.ru/pub/Router/DIR-100/Firmware/

By: Tomi Engdahl

Tomi Engdahl — Tue, 11 Feb 2014 14:05:29 +0000

I also found out this:

Easy to exploit backdoor found in several D-Link router models
http://hexus.net/tech/news/network/61245-easy-exploit-backdoor-found-several-d-link-router-models/

It has been found that seven domestic router models, made by well-known networking firm D-Link, can be easily controlled remotely via a back door.

provides full access to the router web interface with no username or password required