
Multiple Backdoors Found In D-Link DWR-932 B LTE Router


Hackers are constantly searching for new backdoors they can use to hijack systems and obtain confidential data and information. On one hand, their findings show us how weak our systems are; on the other, they leave us uneasy about our safety. The D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities, and an insecure UPnP (Universal Plug-and-Play) configuration.

These vulnerabilities allow hackers to hijack the router and take control of it remotely. Pierre Kim discovered the multiple vulnerabilities in the D-Link DWR-932B LTE router, which is used in several countries to provide internet access over an LTE network.

During his research, he found that the D-Link wireless router runs Telnet and SSH services by default, with two hard-coded secret accounts (admin:admin and root:1234). This is just the basic information hackers need to access vulnerable routers from a command-line shell, monitor internet traffic and change router settings.

The D-Link DWR-932B LTE router also has another secret backdoor: simply sending the string “HELODBG” as a secret hard-coded command to UDP port 39889 launches Telnet with root privileges, without any authentication.
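Detection logic for the trigger described above, added here as an example and not taken from the article or from Kim's research: it scans a traffic log for UDP datagrams to port 39889 that carry "HELODBG" and for Telnet connections to the same device shortly afterwards. The log format, the five-minute correlation window and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

BACKDOOR_PORT = 39889          # UDP port named in the article
TRIGGER = "HELODBG"            # hard-coded string named in the article
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Assumed log format: <ISO time> <PROTO> <src>:<port> > <dst>:<port> payload="<text>"
LINE_RE = re.compile(
    r'^(\S+) (UDP|TCP) (\S+):(\d+) > (\S+):(\d+) payload="(.*)"$')

# Constructed sample traffic log, in chronological order (private addresses).
SAMPLE_LOG = """\
2024-01-01T10:00:01 UDP 192.168.1.50:40000 > 192.168.1.1:53 payload="dns"
2024-01-01T10:02:10 UDP 192.168.1.77:51515 > 192.168.1.1:39889 payload="HELODBG"
2024-01-01T10:02:14 TCP 192.168.1.77:51600 > 192.168.1.1:23 payload=""
2024-01-01T10:30:00 TCP 192.168.1.50:51700 > 192.168.1.1:23 payload=""
2024-01-01T10:40:00 UDP 192.168.1.50:40001 > 192.168.1.1:39889 payload="hello"
"""

def parse(log):
    """Yield (time, proto, src, dst, dport, payload) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, proto, src, _sport, dst, dport, payload = m.groups()
            yield datetime.fromisoformat(ts), proto, src, dst, int(dport), payload

def detect(log):
    """Return alerts for the trigger datagram and for Telnet sessions that follow it."""
    alerts, triggered = [], {}  # triggered: device address -> time of last trigger
    for ts, proto, src, dst, dport, payload in parse(log):
        if proto == "UDP" and dport == BACKDOOR_PORT:
            if TRIGGER in payload:
                triggered[dst] = ts
                alerts.append(("backdoor-trigger", src, dst, ts))
            else:
                # Any other traffic to this port is still worth a look.
                alerts.append(("backdoor-port-probe", src, dst, ts))
        elif proto == "TCP" and dport == 23 and dst in triggered:
            if ts - triggered[dst] <= WINDOW:
                alerts.append(("telnet-after-trigger", src, dst, ts))
    return alerts

if __name__ == "__main__":
    for kind, src, dst, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind}: {src} -> {dst}")
```

The 10:30 Telnet connection in the sample is not flagged because it falls outside the window; on a network where Telnet to the router is never expected, alerting on every TCP/23 connection is the stricter choice.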

The WPS system is vulnerable in two ways:

  1. Default WPS PIN
  2. Weak WPS PIN

If you think a firmware update will fix these issues, you are wrong, because D-Link’s remote firmware over-the-air (FOTA) update mechanism is also vulnerable. The user/password combinations are DPC: DPC, DPC: DPC and qdp:qdp.

The configuration file of the vulnerable D-Link router places no restriction on the UPnP permission rules, so anyone on the LAN can add their own port forwarding rules from the internet to other clients located in the LAN. Finally, Kim pointed out that the router, with a big processor, sizeable memory (168 MB) and good free space (235 MB), is so poorly secured that it would be trivial for attackers to use it as an attack vector.

