While that could be the result of an unfortunate coding gaffe, the access seems deliberate: backwards, the string after the underscore reads 'edited by 04882 joel backdoor' - suggesting that a D-Link programmer called Joel inserted the back-door access deliberately in a sanctioned code edit.Source: Bit Tech
'My guess is that the developers realized that some programs/services needed to be able to change the device’s settings automatically,' writes Heffner. 'Realising that the web server already had all the code to change these settings, they decided to just send requests to the web server whenever they needed to change something. The only problem was that the web server required a username and password, which the end user could change. Then, in a eureka moment, Joel jumped up and said, “Don’t worry, for I have a cunning plan!”'
The code has been discovered in numerous older models of D-Link router, including the DIR-100, DI-524 and DI-524UP, DI-604S, DI-604UP and DI-604+, and TM-G5240, as well as selected third-party routers based on D-Link hardware and software. Comments on Heffner's discovery have also suggested that the DIR-615, a newer device which is provided in customised form by selected ISPs, is also vulnerable. Other, newer routers may also include the back-door, but edited to trigger on a different and so-far undiscovered user agent string.
Backdoor discovered in D-Link routers
Posted on Monday, October 14 2013 @ 12:40 CEST by Thomas De Maesschalck