D-Link G604T network adaptor explained

The DSL-G604T is a first D-Link Wireless/ADSL router which firmware is based on open source the MontaVista Linux.^[1] The DSL-G604T was introduced in November 2004.^[2] This model has been discontinued.

Specifications

Hardware

• CPU: Texas Instrument AR7W MIPS 4KEc based SoC with built-in ADSL and Ethernet interfaces
• DRAM Memory: 16Mb
• Flash Memory: 2Mb SquashFS file system
• Wi-Fi: TI MiniPCI card
• Ethernet: 5-port Ethernet hub (1 internal, 4 external)

Firmware

The G604T runs MontaVista and busybox Linux which allows a degrejje of customisation with customised firmware. These and similar units from D-Link appear to have an issue that causes certain services to fail when using the factory provided firmware, namely the Debian package update service being interrupted due to a faulty DNS through DHCP issue at the kernel level. A v2.00B06.AU_20060728 patch was made available through their downloads section that provided some level of correction, but it was not a complete fix and the issue would resurface intermittently. When the issue was originally reported, D-Link seemed to have misunderstood that the same issue has been discovered by the Linux community at large to be common across a number of their router models and they failed to provide a complete fix across the board for all adsl router models.

Russian version of the firmware (prefix .RU, e.g. V1.00B02T02.RU.20041014) has restrictions on configuring firewall rules – user can only change sender's address (computer address in the LAN segment) and the recipient's port. The web interface with Russian firmware also differs from the English interface.^[3]

Default settings

When running the D-link DSL-G604T router for the first time (or resetting), the device is configured with a default IP address (192.168.1.1), username (admin) and password (admin). Default username and password can also be printed on the router itself, in the manual, or on the box.^[4]

Problems

Security

D-Link DSL-G604T has Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fan page.

Directory traversal vulnerability in webcam in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.^[5]

When /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication if their IP address already exists in /var/tmp/fw_ip or if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.^[6]

Noise

Owners reported that the router emitted a low, high-pitched sound when the ADSL line was synchronized.^{[7] [8]}

Reception

The DSL-G604T received positive reviews, receiving an 7.9/10 from PCActual,^[9] 3/5 from PCWorld.^[10] According to CNET, "DSL-G604T is a ADSL2/2+ modem router with some serious stability issues".^[11]

Similar models

The DSL-G624T, DSL-G664T and DSL-G684T routers are very similar to the G604T.

External links

• DSL-G604T at LinuxDevices
• Review at Devellopez.com
• Official Product Page

Notes and References

1. Web site: D-link access point now running on Linux. live. https://web.archive.org/web/20090102080422/http://www.irishsilicon.com:80/2004/11/dlink-access-point-now-running.html . 2009-01-02 . 29 December 2020. Irish Silicon.
2. Web site: Device Profile: D-Link DSL-G604T wired/wireless ADSL router. live. https://web.archive.org/web/20181031050936/http://linuxdevices.org:80/device-profile-d-link-dsl-g604t-wired-wireless-adsl-router/ . 2018-10-31 . 29 December 2020. Linux Devices Archive.
3. Web site: Wireless ADSL router D-Link DSL-G604T. live. https://web.archive.org/web/20051223130459/http://www.ixbt.com:80/comm/wrls-adsl-dlink-dsl-g604t.shtml . 2005-12-23 . 29 December 2020. iXBT. ru.
4. Web site: D-Link DSL-G604T. live. https://web.archive.org/web/20200922141719/https://router-passwords.com/brands/d-link/routers/dsl-g604t . 2020-09-22 . 29 December 2020. Router Passwords.
5. Web site: CVE-2006-2337. live. https://web.archive.org/web/20210825233517/https://infosec.cert-pa.it/cve-2006-2337.html . 2021-08-25 . 29 December 2020. infosec.cert-pa.it.
6. Web site: Dsl-g604t: Security Vulnerabilities. live. https://web.archive.org/web/20111214090551/http://cvedetails.com/vulnerability-list/vendor_id-899/product_id-5311/D-link-Dsl-g604t.html . 2011-12-14 . 29 December 2020. CVE Details.
7. Web site: D-Link DSL-G604T Hacking. live. https://web.archive.org/web/20201031024041/https://sites.google.com/site/justinsm/d-link-dsl-g604t-hacking . 2020-10-31 . 29 December 2020. Justin's Stuff.
8. Web site: 10 January 2007. Dlink DSL-G604T DNS Resolution Problems. live. https://web.archive.org/web/20130212052624/http://www.jethrocarr.com/2007/01/10/dlink-dsl-g604t-dns-resolution-problems/ . 2013-02-12 . 29 December 2020. Jethro Carr.
9. Web site: D-Link DSL-G604T. 29 December 2020. PC Actual. 116.
10. Web site: Review D-Link DSL-G604T. live. https://web.archive.org/web/20210128123138/https://www.pcworld.idg.com.au/review/d-link/dsl-g604t/217640/ . 2021-01-28 . 29 December 2020. PC World.
11. Web site: D-Link DSL-G604T review. live. https://web.archive.org/web/20210211140026/https://www.cnet.com/reviews/d-link-dsl-g604t-review/ . 2021-02-11 . 29 December 2020. C NET.