Archive for June 27, 2020

D-Link Decides To Only PARTIALLY Patch Routers That Have Serious Security Flaws…. WTF?

Posted in Commentary with tags on June 27, 2020 by itnerd

D-Link joins Netgear in being in my bad books because of this story from Bleeping Computer that details six security vulnerabilities in the DIR-865L wireless router. However, D-Link has only decided to patch three of those vulnerabilities:

D-Link has released a firmware update to fix three out of six security vulnerabilities reported for the DIR-865L wireless router model for consumers. One flaw is rated critical, others are high-severity.

Attackers can use the bugs to execute arbitrary commands, steal sensitive information, upload malware, or delete data.

Clearly these are not trivial vulnerabilities. And D-Link’s response is really bad. Here’s what they said:

“For US consumers, D-Link recommends this product be retired, and any further use may be a risk to devices connected to it and end-users connected to it” 

Seeing as this router was released in 2012, you can see why they have taken that stance. However since a lot of consumers simply install these routers and then forget about them, I believe that D-Link really needs to better support their customers. Or if you take D-Link at their word, this would be how I would deal with this situation. The second any D-Link router router goes end of life, replace it with a router from a vendor other than D-Link. Why? We’ve been here before with D-Link products. And they were slapped by the FTC for making insecure gear. Two big hints that you shouldn’t be buying their products.