Security researchers from Kaspersky Lab have uncovered a backdoor account (CVE-2018-6213) in the firmware of D-Link DIR-620 routers that could be exploited by attackers to access to the device’s web panel and take over devices exposed online.
“The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data, e.g., configuration files with plain-text passwords.” reads the blog post published by Kaspersky.
To prevent abuse, the experts did not disclose the credentials for the backdoor account.
The bad news is that it is impossible to disable the backdoor account, the only way to mitigate the issue is to avoid exposing the admin panel online.
The firmware version containing the backdoor account is 1.0.37.
Kaspersky researchers have discovered other three vulnerabilities in the firmware of the D-Link DIR-620 routers. The remaining issues are:
Fortunately, there aren’t many D-Link DIR-620 devices exposed online because it is an old model.
The flawed devices were distributed by ISPs in Russia, CIS, and Eastern Europe ISPs (most of them in Russia), Kaspersky already reported the flaws to the ISPs.
D-Link was notified the vulnerabilities by said it will not issue firmware updates to address them.
To mitigate the issues Kaspersky recommends:
(Security Affairs – D-Link DIR-620, hacking)