Flash Unifi Router DIR-615 G2 to DD-WRT to Avoid Security Vulnerability

tl;dr 
  • Update: Unchecking the "remote access option" on your DIR-615 should fix it; bear in mind that LAN users can still access the password page.
  • This guide is meant for DIR-615 Revision G2
  • If you use Unifi IPTV, stop here, it won't work.
  • To flash the DD-WRT firmware, download this file and follow this guide. Set up Unifi using this guide.
  • DONE

Yesterday I read some rather shocking news (at least for me) in "How I hack 4 Unifi accounts in under 5 minutes": the default Unifi router (D-Link DIR-615) is vulnerable to being hacked. No, it's not even a hack. The router simply welcomes anyone to access and explore its settings by using the bypass URL below:
1. To access the password page the appendage is /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd
After researching a few blogs and playing around with the router, I found that there is no way to disable remote access to my router's settings page. Hence I decided to flash the router to the infamous DD-WRT, with the understanding that I'm not going to be able to watch TV via HyppTV. So if you use the IPTV feature from Unifi, PLEASE DO NOT PROCEED. (Refer to this page.)


Understand the requirement
There are 2 things to consider before we flash the firmware:
  1. Router's firmware revision - This can be found on the bottom of the router.
  2. Whether the firmware is supported - We can check this via the dd-wrt router-database.


As you can see from the picture above, my router is a DIR-615 revision G2. This revision is not listed in the database, but if we can find the router's chipset information, that might help too.

A little bit of research on the lowyat forum (a comment from klseet) confirmed that the G2 runs on the RT3052F@384 chipset, which is the same as Revision Dx, so using the firmware for the Dx version is possible. Further reading on another page confirmed my finding.



Flashing DD-WRT
Proceeding is pretty straightforward: just follow the official installation guide for D-Link_DIR-615_rev_D3 and we are done. In my case, these are my steps:
  1. Download dlink-dir615d-factory-webflash.bin and put it on the desktop.
  2. Connect to the router through a WIRED cable.
  3. Access 192.168.0.1 to reach the D-Link web portal. Please note that you MUST log in as the user "Management" (default pass: TestingR2), as logging in as "Admin" won't give you the update firmware option.
  4. Navigate to the "Update Firmware" section, select the downloaded file and upload it.
  5. The router will now flash the firmware, which takes 2-3 minutes (99 secs).
  6. After that, access 192.168.1.1 and set up the first-time password. (I didn't turn off the router or reset the router.)

Setup Unifi 
After successfully changing to DD-WRT, we need to set up Unifi. If you don't know your Unifi PPPoE password, you might want to contact Unifi to retrieve it for you.

To set everything up, there are two step-by-step guides by klseet.com:
http://klseet.com/index.php/setup-walk-through/setup-for-unifi

I basically followed the exact steps from this page, so there is nothing extra to write about. After setting up Unifi, I turned off the router for 1 minute and plugged in the WAN internet cable, and then I could access the Internet.

You might also want to set up wireless and other settings by referring to the guide below; some minor settings might vary.
http://klseet.com/index.php/setup-walk-through/basic-setup

That's it. Pretty straightforward and simple. Now it's time to rest and have a worry-free sleep.

Please be aware that this page is a record of what I did to flash my router firmware. I hold no responsibility if you brick your router following my steps. Though, you can unbrick it.



Comments

  1. Anonymous 3:36 PM

    Hi there.
    A genuine comment though, thank you for the guide. I have this Unifi router unused and needed an openvpn client in it. Helpful

  2. Anonymous 4:20 PM

    For the IP TV to work, follow http://blog.namran.net/2012/08/05/setting-up-openwrt-to-work-with-tm-unifi/

  3. I have an unused Unifi router and this guide helped me with flashing the firmware. Thanks for this.
