fbpx

Serious Flaws Discovered in D-Link Routers – And it’s not getting fixed!

Serious Flaws Discovered in D-Link Routers – And it’s not getting fixed!

Researchers at Fortinet have uncovered serious flaws in four D-Link routers.  The vulnerabilities found allow for remote code execution which means a remote attacker could gain control of your router, snoop on your traffic and redirect your browser to malicious websites.

The back of an internet router

According to the researchers, four different models: DIR-652, DIR-655, DIR-866L and DHP-1565 could permit remote code execution.   These types of vulnerabilities get found in routers every once in a while and the manufacturers typically fix it by releasing an updated version to the firmware. This time, however, D-Link confirmed that it wouldn’t be releasing new firmware for these four models because they’ve reached their end-of-life.

If that sounds a bit slopey shouldered, then you are correct.  One of the models, the DIR-866L, was introduced in 2014 and discontinued only in 2018. Another model, the DIR-655, was introduced in 2006, but also discontinued only last year.  Three of them — the DIR-655, DIR-866L and DHP-1565 — can still be bought new from third-party sellers on Amazon’s U.S. website, and the first is even an Amazon’s Choice model.

D-Link is no stranger to vulnerabilities; in September, researchers discovered vulnerabilities in D-Link routers that can leak passwords for the devices, and which have the potential to affect every user on networks that use them for access. And in May, a researcher found attackers using the Google Cloud Platform to carry out three separate waves of DNS hijacking attacks against vulnerable D-Link and other consumer routers.

Our advice is that if you own one of these routers then get yourself a new router ASAP.  Otherwise you are at risk of getting hacked.

Contact us to learn more about how you can find out if you are affected by this.

Yarranton Limited

Comments are closed.