→ Browsers send a User Agent string in the headers of every HTTP request. This is a handy, if clumsy, way to help web servers cater to the programmatic peccadillos of each browser.
Let's be perfectly clear what this means: these routers have a hardwired master key that lets anyone in through an unsupervised back door.
"What is this string," I hear you ask?
You will laugh: it is xmlset_roodkcableoj28840ybtide.
Geddit?
Ignore the xmlset, which probably just means "Configure Extensible Markup Language (XML) setting."
Flip round the part after the underscore, in reversible-rock-music style, to get the hidden message:
Edit by 04882 Joel: Backdoor.
Can you believe it?
If you tell your browser to identify itself as Joel's backdoor, instead of (say) asMozilla/5.0 AppleWebKit/536.30.1 Version/6.0.5, you're in without authentication.
Fortunately, the administration interface isn't accessible from the internet-facing port of these routers by default, which limits the exploitablity of this vulnerability.
(If you have one of these models, check right now that you can't access the management interface directly from the outside!)
Read full article and more links: D-Link router flaw lets anyone login through “Joel’s Backdoor” | Naked Security
