Slashdot Mirror

← Back to Stories (view on slashdot.org)

D-Link Patches Critical Vulnerability In Older Routers

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes "D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October. The flaw was discovered and its exploitability proved with a PoC by Tactical Network Solutions' security researcher Craig Heffner. D-Link confirmed the existence of the problem a few weeks later."

10 of 54 comments (clear)

  1. Well that's good. by johnnys · · Score: 5, Insightful

    Good guy D-Link!!!! It's nice to see a manufacturer actually helping out their customers instead of just making them buy a new router.

    --
    Sometimes the "writing on the wall" is blood spatter...
    1. Re:Well that's good. by pla · · Score: 4, Insightful

      The NSA will be none too pleased about this.

      The NSA wants to have access but keep others out. Known vulnerabilities let the "wrong" spies in. Why do you think *cough* "DLink" *cough* released this patch, anyway?

  2. Routers impacted by sitkill · · Score: 5, Informative

    Vulnerable devices include D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers.

  3. Now the question is.... by Dega704 · · Score: 4, Insightful

    How many of these devices will actually get patched by their users?

  4. What percentage will be upgraded? by bobsacks · · Score: 2

    It's good that the patch is available, but what percentage do you actually think will get fixed? Your average user isn't even going to know how to apply a firmware update much less be aware that they have a vulnerable router and need to update it.

    1. Re:What percentage will be upgraded? by garyoa1 · · Score: 2

      What am I missing here? Don't know of any ISP that supplies routers. And even replacing an older router with a faster one won't do a thing for speed. (unless it's bad) Most will handle 10 times the speed that the modem will.

      --
      Wuddooeyeno? IITYWYBMAD? Like nuts? eclecticallyincorrect.com
  5. Level of difference made : next to none. by richy+freeway · · Score: 4, Insightful

    How many people will actually apply this firmware update? 90% of people plug their router in, hook their equipment up to it and leave it that way until it breaks, then they replace it.

    1. Re:Level of difference made : next to none. by Anonymous Coward · · Score: 3, Insightful

      That is not the point. This release is about patching there corporate image, not the firmware.

  6. Another bug... by Anonymous Coward · · Score: 3, Informative

    Now they've to patch this... http://www.h725.co.vu/2013/11/d-link-whats-wrong-with-you.html

    1. Re:Another bug... by Zedrick · · Score: 2

      Spread it on facebook, twitter etc and they'll do something about it. They don't lift a finger until the marketing department takes notice.

      What's wrong with D-Link... well. I worked for D-Link support a long time ago, but it looks like nothing has changed. The people in Taiwan are doing their thing, and there's a lot of layers between them and the end user. I might still be bound by some kind of contract blaha, but one example: they refused to release the gpl'ed firmware sources to customers until I first reported them to the wall of shame on busybox.net, then reported it that my bosses and eventually got them to do something because it looked bad.