Slashdot Mirror


Researcher Finds D-Link DWR-932 Router Is 'Chock Full of Holes' (helpnetsecurity.com)

Reader JustAnotherOldGuy writes: Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities in the LTE router/portable wireless hotspot D-Link DWR-932. Kim found the latest available firmware has these vulnerabilities:
- Two backdoor accounts with easy-to-guess passwords that can be used to bypass the HTTP authentication used to manage the router
- A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
- Multiple vulnerabilities in the HTTP daemon
- Hardcoded remote Firmware Over The Air credentials
- Lowered security in Universal Plug and Play, and more.
"At best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor," says Kim, and advises users to stop using the device until adequate fixes are provided.

9 of 70 comments

  1. "Oh my God, it's full of holes!" by neo-mkrey · · Score: 3, Funny

    Of course it is David, it's D-Link.

  2. Those are "Speed Holes" by decipher_saint · · Score: 2, Funny

    For faster internet DUH

    --
    crazy dynamite monkey
  3. Hey! by halivar · · Score: 3, Funny

    Guess who has two thumbs and bought a D-Link router yesterday?

    *This* dumbass. :(

    1. Re:Hey! by Anonymous Coward · · Score: 2, Informative

      Guess who has two thumbs and bought a D-Link router yesterday?

      *This* dumbass. :(

      return it... we have to push back on bad products in a way that manufacturers will understand, return the product as defective.

    2. Re:Hey! by A10Mechanic · · Score: 2

      Bob Kelso? But seriously, never look at car prices after you've bought a car, and avoid SlashDot after buying tech gear.

    3. Re:Hey! by barc0001 · · Score: 2

      I haven't bought a D-Link router in years. They used to be all right value for the money but over the last 6-8 years it seems like the quality vastly varied between even small model revisions so I got tired of the D-Link Russian Roulette and started buying other routers. ASUS routers have been consistently good in my experience so far, Linksys is a crap shoot like D-Link so I avoid, NetGear is utilitarian but acceptable.

    4. Re:Hey! by Narcocide · · Score: 2

      Linksys stopped being good sometime shortly after being sold to Cisco. NetGear is usually fine but will fall over under heavy traffic if you add too many custom routes.

    5. Re:Hey! by adolf · · Score: 2

      Sure. I use one of these, with this firmware, making it a cute little self-contained Linux box with both an HTML GUI and a command-line interface that is as complete as you want to make it. (I've got a build environment on mine, just because I can.)

      802.11ac, dual-core 800MHz ARM, 256MB of RAM and 128MB of flash (all of which are complete overkill for this application), along with multiple USB ports for plugging in random goodies.

  4. Don't buy a router unless you can install openwrt. by anwyn · · Score: 3, Insightful

    Wherever you look, commercial routers are full of security vulnerabilities.