DLink Won’t Fix Routers That Are Open To Remote Pwnage

If you have any of the following DLink routers, you may want to replace them with something else:

  • DIR-655
  • DIR-866L
  • DIR-652
  • DHP-1565

The reason is that, according to Threatpost, these routers have a vulnerability in their latest firmware that leaves them wide open to being pwned remotely. And then there’s this:

 D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a “typical security pitfall suffered by many firmware manufacturers.” With no patch available, affected users should upgrade their devices as soon as possible.

While I get that it’s not DLink’s fault that a vendor was sitting on some gear in a warehouse someplace for a long time and is selling it months or years after it was discontinued, it doesn’t take away from the fact that DLink needs to step up here. The fact is they are not fixing this issue because they don’t feel that they have any responsibility to. Clearly the fact that they got slapped by the FTC and are under 20 years of oversight means nothing to them.

In the absence of the FTC exercising their oversight powers, there’s one way to send a message to DLink that this behavior is not acceptable. Don’t buy their products. EVER. If they see their sales drop, maybe they will change their tune and act in a responsible manner.
