D-Link router backdoor has been discovered by the Kaspersky Lab that can give the Hackers easy access to the user’s D-Link routers. The Security experts from the renowned Kaspersky Lab have discovered a backdoor account and various other major vulnerabilities with the D-Link routers. The Kaspersky researchers have uncovered a backdoor account in the firmwares of the D-Link routers. This backdoor vulnerability can be easily exploited by the attackers to access the routers’ web interface and gain access to the user’s sensitive data without their knowledge. The researchers from the Kaspersky Lab have found four very dangerous flaws that can leave the user and their D-Link router vulnerable. The bad news for D-Link users is that neither D-Link nor the users can disable the backdoor account. The only way to attenuate the issues is to avoid exposing the admin panel online through unsecured websites.

Where is the issue?

The firmware of the D-Link routers have hardcoded default credentials that can be exploited by any hacker or a tech savvy person who is just a little too curious to gain privileged access to the firmware of the D-Link routers and to extract any sensitive data that they wish. The firmware of the router is the operating software that orchestrates the hardware of the device that it is installed on. Basically, the firmware of the router is the software that runs the hardware on the router. All the sensitive data of the user flows through the router such as the emails and passwords, the private information of the user, their banking details when they buy something online and more. Every bit of other detail related to the user also flows through the router. If an unauthorized person got the access to the firmware of the D-Link routers, the said person can choose to extract any username and password in plain text of the user. The attacker will be able to run any arbitrary JavaScript code and run arbitrary commands in the router’s Operating System (OS).

The D-Link DIR-620 vulnerabilities discovered by the Kaspersky Lab researchers claim mainly four Common Vulnerabilities and Exposures (CVE) ratings where the four different issues range from 6.1 to 10 on a scale ranging from 0 to 10. All four issues are very serious but two of these issues are, in particular, to be beware of. The bad news is that the backdoor accounts cannot be disabled either by the user or by D-Link. The only way the user can secure their network is to follow all the security guidelines, configure their router for better security and avoid using any unsecure websites.

Here are the four main issues the Kaspersky Lab found regarding the D-Link routers:

• First is a reflected cross site scripting (XSS) vulnerability in the firmware of the router. The XSS attack can be caused due to a missed filtration for special characters in the Quick Search field of the router and incorrect processing of the XMLHttp Request object.
• The second vulnerability includes privileged credentials hard coded in the firmware of the D-Link router. The attacker who has attacked the user’s D-Link router will not have administrator rights but would still be a “privileged user”. This easily makes the attacker able to extract any sensitive data of the user.
• The third vulnerability is far more serious than the previous two, which earned a 9.1 on the CVE scale out of a 10. The Kaspersky Lab mentioned “An OS command injection vulnerability is possible as a result of incorrect processing of the user’s input data in the following parameter: /index.cgi?<…>&res_buf.”
• The fourth vulnerability is related directly to the third one, and it is the one that earned a total of 10 on the CVE scale. With the help of the command injection mentioned in the third vulnerability, an unauthorized attacker can extract Telnet credentials for the router

How to Fix your D-Link router regarding the backdoor vulnerabilities? [Solved]

The Kaspersky Lab reached out to D-Link and told them about all the vulnerabilities, they were told that there was nothing to be done. They said that the model of the routers and the firmware associated with the routers are no longer supported by the vendor, so the vendor cannot do anything except provide patches.
So, if you have a D-Link router you are basically left with severe backdoor vulnerabilities that pose a huge potential threat to the user’s sensitive and private data.

If the user has a D-Link DIR-620 router that means that the user has been left with a huge backdoor vulnerability and no expectation for a coming issue fix. Kaspersky has given out some very good advice for securing your router and your network and it’s a very few simple things that the user can do in a couple of steps that any wireless router user can benefit from. Here are the steps:

• The user can restrict the access to a list of pre-approved IP addresses. This way, any unauthorized attackers who are attempting to connect to the user’s network will simply fail to do so.
• The Kaspersky Lab has also asked all the users to block all access to the Telnet.
• The third thing that they have recommended to the users is to constantly change the username and password of their network to further secure their network.

It might take a lot from the user’s end to configure their router for better security if they do not have a firm grasp at how the D-Link routers work. But it can still be done and the user can still secure their router and protect their sensitive data from unauthorized attackers by taking some precautionary steps towards a better and more secure network. The user can setup and login to their router again and change the default username and password for better security and update their firmware as well.

Here, we will show you the troubleshooting steps to configure the D-Link DIR-620 router for better security.

DLink DIR 620 router firmware update and setup guide

1. Unplug all the connections on your modem and router.
2. Connect the Ethernet cable from any of the LAN ports of the router to the desktop computer that you want to use to set up the router.
3. Now, connect the modem to the WAN port of the router.
4. Connect the router with a wall socket and turn it on.
5. Power on the modem, the router and the computer.
6. Now, open up any web browser of your choice on the desktop computer and type http://dlinkrouter.local in the address bar and press enter. This will automatically take you to the setup wizard page in the browser.
   If by some chance, the browser doesn’t automatically takes you to the setup wizard page after typing http://dlinkrouter.local in the address bar, you can alternatively type the default IP address of your router in the address bar. The default IP address of the D Link routers is 192.168.0.1.
7. When the setup wizard page displays, it will guide you through a step by step process to configure and set up your D Link router and help you connect to the internet. Click Next to continue.
   This wizard will appear while setting up the router for the very first time. If you have configured the router before, you will have to reset your router in order to go through the setup wizard again.
8. Now, the router will scan for the type of internet connection that you have. It successfully scans and skips the setup itself, but in some case if it doesn’t, you will be prompted to select the type of internet connection that you have.
9. From the given options, select the DHCP connection (Dynamic IP). For all the wired connections, the connection type is always Dynamic IP. After selecting the DHCP connection type, click Next.
10. Now, you will see a Wireless Settings page. You will be asked to put in a new wireless network name and password. This is very important as it will help secure your network. Enter the desired Network name and passphrase in the respective fields. Click Next.
    Note down the username and passphrase for your wireless network so that the passphrase isn’t lost or forgotten. If it is lost or forgotten, a factory reset will be required.
11. Now, the setup wizard will again ask you for a password. This is the password for the router configuration page in case you want to log in to the configuration page. Click Next.
    This is not your wireless passphrase.
12. Now, the setup wizard will ask you to set your time zone. After setting the time zone, click Next.
13. A summary of all your router settings will be displayed. Click Save to save the settings.
14. The router will now start to reboot in order to save the settings.
    Do not interrupt the reboot process as it may corrupt the router and even render it useless.

Now, the user will have setup and logged in to their network securely. The user can start using their network as they please.

DLink DIR 620 router firmware update

1. Open any web browser of your choice and go to the D-Link’s Support Website. The support website for D Link routers is www.support.dlink.com or you can opt for your local D Link support website. Download the latest firmware for your router’s model.
2. Once you have downloaded the latest firmware, open the web browser and type http://dlinkrouter.local or 192.168.0.1 in the address bar.
3. The login window will ask you for the username and password. Type in the default username and password.
   The default username is “Admin” and leave the password field blank. Click Login.
4. Now, a new window will display. Click on the Tools tab on the top and then click on the Firmware tab on the left side of the window. Under Firmware Upgrade, click on the Browse button and select the file that you previously downloaded.
5. Click Upload to upgrade the firmware to the latest firmware. It will take a couple of minutes to upgrade the firmware. Click Continue.
   It is advised not to unplug or switch off or otherwise disturb the router while the firmware is being upgraded.

Now, the firmware of the D-Link Dir-620 wireless router will have been updated. The user can start using their internet once the firmware has been successfully updated.

Warning: Do not interrupt the firmware update process anyhow or turn off the router during the update as it can severely damage the router and might even render it completely useless.