D-Link Patches Critical Vulnerability In Older Routers

An anonymous reader writes "D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October. The flaw was discovered and its exploitability proved with a PoC by Tactical Network Solutions' security researcher Craig Heffner. D-Link confirmed the existence of the problem a few weeks later."

Well that's good.

[johnnys]

Good guy D-Link!!!! It's nice to see a manufacturer actually helping out their customers instead of just making them buy a new router.

Re:Well that's good.

[pla]

The NSA will be none too pleased about this.

The NSA wants to have access but keep others out. Known vulnerabilities let the "wrong" spies in. Why do you think *cough* "DLink" *cough* released this patch, anyway?

Routers impacted

[sitkill]

Vulnerable devices include D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers.

Now the question is....

[Dega704]

How many of these devices will actually get patched by their users?

Level of difference made : next to none.

[richy+freeway]

How many people will actually apply this firmware update? 90% of people plug their router in, hook their equipment up to it and leave it that way until it breaks, then they replace it.

Re:Level of difference made : next to none.

That is not the point. This release is about patching there corporate image, not the firmware.

Another bug...

Now they've to patch this... http://www.h725.co.vu/2013/11/d-link-whats-wrong-with-you.html