Menu
D-Link patches router, says more fixes are on the way

D-Link patches router, says more fixes are on the way

The vulnerabilities affect eight router models

D-Link issued fixes on Monday for flaws that could allow remote access to one of its routers, and will patch several other models in the coming week.

The vulnerabilities were found by Peter Adkins, a systems engineer in Canada who said he alerted the company to the issues in early January and decided to publicize them last week after falling out of contact with D-Link.

D-Link acknowledges Adkins' findings in its advisory, which included three new firmware versions for its DIR-820L router. The company expects to release firmware updates in the next week for the DIR-626L, DIR-636L, DIR-808L, DIR-810L, DIR-826L, DIR-830L and DIR-836L.

The most serious flaw Adkins found is a cross-site request forgery vulnerability (CSRF). A service running on the DIR-820L that handles dynamic requests such as updating usernames and passwords can be accessed if a victim can be lured to a malicious web page, according to Adkins' writeup.

The attacker would then have full control over a router and could change its DNS (Domain Name System) settings or launch a telnet service, among other misdeeds.

Adkins found other problems, too, one of which could allow unauthenticated access to the router if remote management is enabled. Another flaw allowed him to upload a file that would overwrite the router's DNS settings.

D-Link said some attacks can be blocked by disabling a remote management feature that can provide access to a router's settings. The capability is turned off by default, the company said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityD-LinkExploits / vulnerabilities

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments