The IT Nerd

If you have any of the following DLink routers, you may want to replace them with something else:

• DIR-655
• DIR-866L
• DIR-652
• DHP-1565

The reason being is that according to Threatpost, these routers have a vulnerability in their latest firmware that leaves them wide open to being pwned remotely. And then there’s this:

 D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a “typical security pitfall suffered by many firmware manufacturers.” With no patch available, affected users should upgrade their devices as soon as possible.

While I get that it’s not DLink’s fault that a vendor was sitting on some gear in a warehouse someplace for a long time and is selling months or years after it was discontinued, it doesn’t take away the fact that DLink needs to step up here. The fact is they are not fixing this issue because they don’t feel that they have any responsibility to. Clearly the fact that they got slapped by the FTC and are under 20 years of oversight means nothing to them.

In the absence of the FTC exercising their oversight powers, there’s one way to send a message to DLink that this behavior is not acceptable. Don’t buy their products. EVER. If they see their sales drop, maybe they will change their tune and act in a responsible manner.

This entry was posted on October 9, 2019 at 10:40 am and is filed under Commentary with tags DLink. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.