DLink Won’t Fix Routers That Are Open To Remote Pwnage

If you have any of the following DLink routers, you may want to replace them with something else:

  • DIR-655
  • DIR-866L
  • DIR-652
  • DHP-1565

The reason being is that according to Threatpost, these routers have a vulnerability in their latest firmware that leaves them wide open to being pwned remotely. And then there’s this:

 D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a “typical security pitfall suffered by many firmware manufacturers.” With no patch available, affected users should upgrade their devices as soon as possible.

While I get that it’s not DLink’s fault that a vendor was sitting on some gear in a warehouse someplace for a long time and is selling months or years after it was discontinued, it doesn’t take away the fact that DLink needs to step up here. The fact is they are not fixing this issue because they don’t feel that they have any responsibility to. Clearly the fact that they got slapped by the FTC and are under 20 years of oversight means nothing to them.

In the absence of the FTC exercising their oversight powers, there’s one way to send a message to DLink that this behavior is not acceptable. Don’t buy their products. EVER. If they see their sales drop, maybe they will change their tune and act in a responsible manner.

One Response to “DLink Won’t Fix Routers That Are Open To Remote Pwnage”

  1. […] router router goes end of life, replace it with a router from a vendor other than D-Link. Why? We’ve been here before with D-Link products. And they were slapped by the FTC for making insecure gear. Two big hints that you shouldn’t […]

Leave a Reply

%d bloggers like this: