Menu
D-Link patches router, says more fixes are on the way

D-Link patches router, says more fixes are on the way

The vulnerabilities affect eight router models

D-Link issued fixes on Monday for flaws that could allow remote access to one of its routers, and will patch several other models in the coming week.

The vulnerabilities were found by Peter Adkins, a systems engineer in Canada who said he alerted the company to the issues in early January and decided to publicize them last week after falling out of contact with D-Link.

D-Link acknowledges Adkins' findings in its advisory, which included three new firmware versions for its DIR-820L router. The company expects to release firmware updates in the next week for the DIR-626L, DIR-636L, DIR-808L, DIR-810L, DIR-826L, DIR-830L and DIR-836L.

The most serious flaw Adkins found is a cross-site request forgery vulnerability (CSRF). A service running on the DIR-820L that handles dynamic requests such as updating usernames and passwords can be accessed if a victim can be lured to a malicious web page, according to Adkins' writeup.

The attacker would then have full control over a router and could change its DNS (Domain Name System) settings or launch a telnet service, among other misdeeds.

Adkins found other problems, too, one of which could allow unauthenticated access to the router if remote management is enabled. Another flaw allowed him to upload a file that would overwrite the router's DNS settings.

D-Link said some attacks can be blocked by disabling a remote management feature that can provide access to a router's settings. The capability is turned off by default, the company said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityD-LinkExploits / vulnerabilities

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments