D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045)

by do son · Published June 16, 2024 · Updated June 18, 2024

Taiwan’s CERT (Computer Emergency Response Team) has issued a critical security advisory regarding a high-severity vulnerability (CVE-2024-6045) affecting numerous models of D-Link wireless routers. The vulnerability, stemming from an undisclosed factory testing backdoor, could allow attackers within the local network to gain unauthorized access to the router’s Telnet service using default administrator credentials.

The discovered flaw involves an undisclosed factory testing backdoor present in certain D-Link router models. Unauthenticated attackers on the local area network (LAN) can exploit this backdoor by accessing a specific URL, enabling the Telnet service, and logging in using administrator credentials obtained from firmware analysis. This access grants them unauthorized control over the router, posing significant security risks.

The affected D-Link router models include E15, E30, G403, G415, G416, M15, M18, M30, M32, M60, R03, R04, R12, R15, R18, and R32.

D-Link has released firmware updates to address the CVE-2024-6045 (CVSS 8.8) vulnerability. Users are strongly urged to update their router’s firmware to the specified versions or later:

G403, G415, G416, M18, R03, R04, R12, R18: Update to firmware version 1.10.01 or later.
E30, M30, M32, M60, R32: Update to firmware version 1.10.02 or later.
E15, R15: Update to firmware version 1.20.01 or later.

After updating the firmware, it is crucial to verify the success of the update by comparing the firmware version displayed on your router’s interface with the version of the update you downloaded.

While D-Link is working diligently to release official firmware updates, beta versions may be available in the meantime. However, users should exercise caution when using beta software, as it is still under testing and may not be fully stable. D-Link does not assume responsibility for any issues that may arise from using beta firmware.

For more information and to download the latest firmware updates, please visit D-Link’s official website.