CVE-2013-4856

Vulnerability

The D-Link DIR-865L router, a dual-band wireless AC router, exposes an undocumented Telnet service that can be accessed without authentication. This service runs on a non-standard port and allows any remote attacker to connect and obtain a root shell on the device, effectively exposing full router configuration and control to unauthorized users [1].

Exploitation

An attacker on the same network (or from the WAN if the router is configured with remote management enabled) can use a simple Telnet client to connect to the IP address of the router on the undocumented port. No credentials are required [1]. The attacker then gains immediate command-line access to the router's underlying embedded Linux system [2].

Impact

Successful exploitation grants the attacker unauthenticated root-level access to the router. This allows the attacker to read and modify all configuration settings (including Wi-Fi passwords, firewall rules, and DNS settings), intercept or redirect network traffic, and potentially use the router as a pivot point for further attacks on the internal network [1].

Mitigation

D-Link has not released a firmware patch for this vulnerability. The DIR-865L is end-of-life (EOL), and no fix is available. Users are strongly advised to replace the device with a supported model from a vendor that provides regular security updates [1][2].