Archive for D-Link

Some D-Link Routers Have Built-In Backdoor…. Yikes!

Posted in Commentary on October 15, 2013 by itnerd

This does not give me the warm fuzzies. Nor should it give the warm fuzzies to people who own certain D-Link routers. Craig Heffner, a vulnerability researcher with Tactical Network Solutions, discovered that some D-Link routers have a built-in backdoor that allows one to change settings and remotely execute code:

if your browser’s user agent string is “xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web interface without any authentication and view/change the device settings 

Now, what does “xmlset_roodkcableoj28840ybtide” mean? The last part when read backwards is “edit by 04882 joel backdoor.” That implies it was written in by D-Link, likely during the development of the firmware as part of the development process. Except that these sorts of things are usually removed before the product is released. This one clearly wasn’t.
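Because the backdoor is triggered by a fixed User-Agent value, requests carrying it can be spotted in HTTP logs collected in front of an affected device. The following is an added example, not code from this post or from Craig Heffner's write-up; it assumes logs in the Apache/nginx "combined" format, and the sample log lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict

# User-Agent value quoted in the post above.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Apache/nginx "combined" log format (assumed for this example).
COMBINED = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_backdoor_requests(lines):
    """Return parsed records for requests carrying the backdoor User-Agent."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # Detection choice: match on containment and ignore case, so padded
        # or re-cased variants are reported as well as the exact string.
        if BACKDOOR_UA in m["ua"].lower():
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            hits.append(rec)
    return hits

def summarize(hits):
    """Group hits by source address and count requests answered with 2xx."""
    summary = defaultdict(lambda: {"requests": 0, "succeeded": 0, "paths": set()})
    for h in hits:
        s = summary[h["src"]]
        s["requests"] += 1
        s["succeeded"] += int(200 <= h["status"] < 300)
        s["paths"].add(h["path"])
    return dict(summary)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [15/Oct/2013:10:01:02 +0000] "GET / HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Oct/2013:10:02:11 +0000] "GET / HTTP/1.1" 200 2048 "-" "xmlset_roodkcableoj28840ybtide"',
    '198.51.100.7 - - [15/Oct/2013:10:02:15 +0000] "GET /index.htm HTTP/1.1" 200 900 "-" "xmlset_roodkcableoj28840ybtide"',
    '203.0.113.5 - - [15/Oct/2013:10:05:40 +0000] "GET / HTTP/1.0" 401 512 "-" "XMLSET_ROODKCABLEOJ28840YBTIDE"',
]

if __name__ == "__main__":
    for src, info in summarize(find_backdoor_requests(SAMPLE)).items():
        print(src, info["requests"], info["succeeded"], sorted(info["paths"]))
```

A source with a non-zero "succeeded" count received a 2xx response while sending the backdoor string, which is the case to investigate first.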

The following routers are affected by this:

  • DIR-100
  • DIR-120
  • DI-624S
  • DI-524UP
  • DI-604S
  • DI-604UP
  • DI-604+
  • TM-G5240

Additionally, several Planex routers also appear to use the same firmware:

  • BRL-04UR
  • BRL-04CW

Now D-Link has posted this on their website discussing the issue. Among other things, it says this:

We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.  
We will continue to update this page to include the relevant product firmware updates addressing these concerns. 

It sounds like this will eventually be fixed.

My take on this? This is an #epicfail if I have ever seen one. It leaves those who have these routers with the impression that D-Link doesn’t take security seriously. That’s not good. Hopefully this is addressed by them quickly and transparently.

Update On My D-Link Issue

Posted in Commentary on December 24, 2008 by itnerd

Here’s a quick update to this post about my experiences with D-Link tech support last week. Seeing as it’s just a light that has burned out and the unit is otherwise fine, I have decided not to replace it. Part of the reason for that is the rather negative experience that I had with D-Link tech support. In a way I shouldn’t be shocked by any of this as I’ve had negative experiences in the past with their tech support, and have stopped recommending most of their products to my customers as a result. Another reason is that I haven’t got the confidence that my issue will be sorted out properly by D-Link given the circus that I went through with them on the phone.

Having said that, the DNS-323 is a really good product. But the quality of the support leaves something to be desired. And it’s often the quality of support that makes or breaks a product. Right now, D-Link’s tech support department is not doing an otherwise excellent product any favors. I really think they need to make some wholesale changes to fix that.

The next question is, what do I replace the DNS-323 with when it does die? I’m thinking that I’ll look at something like this from Lacie as I have had very positive experiences with their tech support and their products are excellent.

Why Does It Take 35 Minutes And Three Transfers To Replace Clearly Defective Hardware?

Posted in Commentary on December 16, 2008 by itnerd

I just spent the last 35 minutes on the phone with D-Link to replace a DNS-323. The unit was working other than the fact that one of the hard drive lights had burnt out. So I figured that it should be covered under warranty and it should be easy to get a replacement. Here’s what happened next:

  • I sent an e-mail to D-Link last night about this. At 1PM today I got a reply asking me to call into their tech support department and reference a case number that they provided within the e-mail. When I called, I was to give them the case number and ask to be transferred to a second level tech.
  • I called the number and waited five minutes to talk to a first level tech. Despite doing what the e-mail told me to do, the first level tech insisted on doing troubleshooting. Plus she insisted on doing this AFTER I told her that I had covered these steps in the FAQ for the product. Only after I played ball with her did I get transferred to second level.
  • I waited another 5 minutes to speak to second level who then insisted on doing the SAME troubleshooting steps that the first level person did. WTF? After doing that, she had to gather more information (like what light was burned out and where I bought the device) before transferring me to a “Product Specialist.”
  • So after waiting about 5 minutes to speak to a “Product Specialist” it took him about 30 seconds to conclude that the light had burned out. He then opened an RMA ticket and the call ended.

Total time: 35 Minutes.

This is one of the most retarded things I have ever experienced. This should have been a 5 minute phone call. Why does it take 35 minutes and three people to do a simple RMA that any 9 year old could have done?

What is D-Link thinking?

Has anybody else experienced craptastic customer service like this with D-Link? Or did I just get them on a bad day?