D-Link AX1500 (routers)

2024: Backdoor Detection

In mid-June 2024, it became known that a number of models of D-Link wireless routers have bookmarks that allow attackers to seize control of devices. The problem could potentially affect millions of routers.

It is reported that certain D-Link routers from the plant may contain a backdoor. The issue described in the CVE-2024-6045 bulletin received a high hazard rating (CVSS 8.8). An unauthenticated attacker over a local network can activate the telnet service on the device and log on using administrator credentials stored in the firmware. A specific URL is used to carry out the attack. After gaining access to the router, cybercriminals can carry out arbitrary actions on it.

D-Link

The backdoor is present in D-Link routers AX1500 E15, E30, G403, G415, G416, M15, M18, M30, M32, M60, R03, R04, R12, R15, R18 and R32. Users of this hardware are advised to update the firmware. The vulnerability was fixed in software version 1.10.01 or later for routers G403, G415, G416, M18, R03, R04, R12 and R18, in firmware 1.10.02 or newer for E30, M30, M32, M60 and R32, as well as in firmware 1.20.01 and newer for models E15, M15 and R15.

It is noted that the backdoor could be used on D-Link routers for technical purposes - it, in particular, served to automate the testing of devices at the production stage. As of June 2024, there is no information about why this software module remained in the firmware of equipment for the commercial market.

Installing firmware updates is critical to fixing security issues in devices. D-Link strongly recommends that all users regularly check for updates and download them, the company said in a notice.[1]

Notes