Menu
D-Link patches router, says more fixes are on the way

D-Link patches router, says more fixes are on the way

The vulnerabilities affect eight router models

D-Link issued fixes on Monday for flaws that could allow remote access to one of its routers, and will patch several other models in the coming week.

The vulnerabilities were found by Peter Adkins, a systems engineer in Canada who said he alerted the company to the issues in early January and decided to publicize them last week after falling out of contact with D-Link.

D-Link acknowledges Adkins' findings in its advisory, which included three new firmware versions for its DIR-820L router. The company expects to release firmware updates in the next week for the DIR-626L, DIR-636L, DIR-808L, DIR-810L, DIR-826L, DIR-830L and DIR-836L.

The most serious flaw Adkins found is a cross-site request forgery vulnerability (CSRF). A service running on the DIR-820L that handles dynamic requests such as updating usernames and passwords can be accessed if a victim can be lured to a malicious web page, according to Adkins' writeup.

The attacker would then have full control over a router and could change its DNS (Domain Name System) settings or launch a telnet service, among other misdeeds.

Adkins found other problems, too, one of which could allow unauthenticated access to the router if remote management is enabled. Another flaw allowed him to upload a file that would overwrite the router's DNS settings.

D-Link said some attacks can be blocked by disabling a remote management feature that can provide access to a router's settings. The capability is turned off by default, the company said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityD-LinkExploits / vulnerabilities

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments