Hackers every time search new and new backdoors to hijack the system and to get confidential data and information. Hackers on one side give us idea as well how weak our system is but on other hard it really upset us on our safeness. D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues like Backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration.

These vulnerabilities allow hackers to remotely hijack and control over the system and router. Pierre Kim discovered multiple vulnerabilities in the D-Link DWR-932B LTE ROUTER in several countries to provide the internet with an LTE network.

During research, he found that D-Link wireless router has Telnet and SSH services run by default with two hard-coded secret accounts (admin: admin and root: 1234). These are just the basic info hackers need to get access to vulnerable routers from a command-line shell, monitor internet traffic and change router settings.

D-Link DWR-932B LTE ROUTER has also another secret backdoor that can be exploited by only just sending “HELODBG”  string as a secret hard-coded command to UDP port 39889 to launch telnet as a root privileges without any authentication.

There are two types of vulnerable WPS System. They are:

  1. Default WPS PIN
  2. Weak WPS PIN

If you think that firmware will improve or recover these issues, you are totally wrong because D-LINK’s remote firmware over-the-air (FOTA) update mechanism is also vulnerable. The user/password combinations are qdpc:qdpc, qdpc:qdpc and qdp:qdp.

There is no such restriction about the UPnP permission rules in the configuration file for the vulnerable D-Link router, since it allows anyone to use the LAN for adding their port forwarding rules from the internet to other clients located in the LAN. Finally Kim pointed that the router with a big processor, sizeable memory (168 MB) and good free space (235MB) is so badly secured that it would be trivial for attackers to use this router as an attack vector.