D-Link, a company that specializes in networking products, has promised to close the back doors in its routers before October is over. The promise came in response to the discovery that a fair number of its consumer-grade devices come with a string that enables unauthenticated access to the admin Web page. A researcher at /dev/ttyS0 unpacked the firmware of a number of D-Link devices and discovered that if a browser presents the right user agent string to the internal administrative Web server, it receives unauthenticated and unfettered access to the device’s administration panel.
With that access, snooping on users’ communications becomes a simple matter. D-Link has said that it is currently working on a fix, and those keeping a keen eye on the situation will be able to download the firmware here. D-Link also advised as follows: “As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.”
End users can do their part by making sure that a strong Wi-Fi password is set and by disabling remote administrative access.