Multiple Backdoors found in D-Link DWR-932 B LTE Router by Swati Khandelwal.
From the post:
If you own a D-Link wireless router, especially DWR-932 B LTE router, you should get rid of it, rather than wait for a firmware upgrade that never lands soon.
D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration.
If successfully exploited, these vulnerabilities could allow attackers to remotely hijack and control your router, as well as network, leaving all connected devices vulnerable to man-in-the-middle and DNS poisoning attacks.
Moreover, your hacked router can be easily abused by cybercriminals to launch massive Distributed Denial of Service (DDoS) attacks, as the Internet has recently witnessed record-breaking 1 Tbps DDoS attack that was launched using more than 150,000 hacked Internet-connected smart devices.
Security researcher Pierre Kim has discovered multiple vulnerabilities in the D-Link DWR-932B router that’s available in several countries to provide the Internet with an LTE network.
…
The current list on this cyber-horror at Amazon.uk is £95.97. Wow!
Once word spreads about its swiss-cheese like security characteristics, one hopes its used price will fall rapidly.
Swati’s post makes the start of a great checklist for grading penetration of the router for exam purposes.
Enjoy!
PS: I’m willing to pay $10.00 plus shipping for one. (Contact me for details.)