D-Link DIR-456U A1 Hardcoded Telnet Backdoor Vulnerability

A hardcoded telnet backdoor has been identified in the D-Link DIR-456U Hardware Revision A1, which is now End-of-Life (EOL). The device activates a telnet daemon at boot, using the username 'Alphanetworks' and a static password 'whdrv01_dlob_dir456U', both of which are hardcoded and stored in plaintext within the firmware. This backdoor allows an unauthenticated attacker on the local network to gain root access and full administrative control over the device.

Impact

Exploitation of this vulnerability provides an unauthenticated user on the same local network with root access to the device, allowing complete control over the router. This includes the ability to execute arbitrary commands, modify router settings, intercept and alter network traffic, and potentially install persistent malware or access other devices on the internal network.

Reproduction

The vulnerability can be reproduced by connecting to the telnet service on the router's default LAN IP address. After logging in with the hardcoded username and password, access to a root shell is granted immediately.

Remediation

Users are advised to replace the device with a currently supported router model. As a temporary measure, the telnet daemon can be terminated and port 23 blocked, although this will be reset upon reboot.