Reports of D-Link Router Backdoor

Original release date: October 18, 2013 | Last revised: October 21, 2013

US-CERT is aware of reports that the firmware for various D-Link routers contains a backdoor that allows unauthenticated remote users to bypass the routers' password authentication mechanism. An unauthenticated remote attacker can take any action as an administrator using the remote management web server.

D-Link is maintaining a page to inform users of this issue and provide updates as patches are released.

For more information, please see Vulnerability Note VU#248083.

This product is provided subject to this Notification and this Privacy & Use policy.