Comments on: D-Link Routers: One Hack to Own Them All

By: credit score

credit score — Fri, 03 Sep 2010 01:37:24 +0000

I applied for my credit score and reports.It’s really free,fast and secure. Highly recommended! http://safe-creditscore.com

By: DyadyaSportivnihShtanah

DyadyaSportivnihShtanah — Fri, 13 Aug 2010 09:40:23 +0000

This is good

By: corny

corny — Thu, 12 Aug 2010 22:39:46 +0000

Insulin, a protein hormone produced before the pancreas and it regulates blood sugar (glucose) in blood. Insulin is tolerant of as a replacement for treatment of diabetes. The hormone is synthesized in the beta cells, which stick into in hormone-secreting cells of the pancreas and is called islets of Langerhans. The hormone is synthesized in the beta cells, which insert in hormone-secreting cells of the pancreas and is called islets of Langerhans. The word “insulin” is from the Latin insula – island, it indicates on the eyot creation of the hormone.

By: Robin Volbrecht

Robin Volbrecht — Sat, 31 Jul 2010 11:48:25 +0000

Not several men and women believe the similar way as you. That contains me.. sorry

By: hackademix.net » ABE Patrols the Routes to Your Routers

hackademix.net » ABE Patrols the Routes to Your Routers — Wed, 28 Jul 2010 11:14:27 +0000

[...] is not exposed on the internet side it can’t be reached by an internet attacker (see this HNAP D-Link Hack for a glaring [...]

By: Листовка

Листовка — Mon, 21 Jun 2010 09:21:33 +0000

and not be a comparative article, which of the router is better?

By: craig

craig — Sun, 28 Feb 2010 01:45:07 +0000

BobW,

Thanks for the update, and yes, if you got a 401 unauthorized then your firmware version isn’t vulnerable. The latest firmware for the DIR-655 should also have this bug fixed, but it’s funny that not keeping your firmware up to date kept you secure.

Thanks for the info on the DIR-624; like you said, it is old, but you see those old routers around all the time and I don’t think I’ve ever seen anyone change the user account logins for them.

By: BobW

BobW — Thu, 25 Feb 2010 02:41:10 +0000

I just read about this issue and came here. I have tested my US DIR-655 on firmware 1.11 (while I’m a professional programmer, I must admit I’ve rarely bothered to update my routers unless to fix a specific issue that got in my way). Interestingly enough, v1.11 doesn’t seem to have the vulnerability.

Using your hnap0wn script I get back a 401 Authorization Required for the GetDeviceSettings.xml post (and the others). So unless I’m overlooking something, it might be that D-Link originally had everything secure and opened it up accidently during a firmware update. I’m probably not going to try updating my firmware at this time

I also have an old D-Link DI-624 Rev C firmware 2.76 (the last firmware update, as this product is no longer supported), and it does have the user exploit (e.g. if user password is still default of blank, then I can update the admin password).

By: mrdlnf

mrdlnf — Fri, 05 Feb 2010 00:29:34 +0000

Here is the latest of WW version, i have tested it and seems it fixed the issue : http://support.dlink.co.id/firmware/DIR655A4_FW131WWB01.rar

By: Eck

Eck — Sun, 24 Jan 2010 18:12:32 +0000

I must have missed it earlier. Great info I was watching HNN, and Dlink supposedly has a patch for the problem. However, it isn’t posted on their site. Might have to give Dlink a call after I play with this a little more.
Thanks
Eck