Archive for DLink

DLink Won’t Fix Routers That Are Open To Remote Pwnage

Posted in Commentary on October 9, 2019 by itnerd

If you have any of the following DLink routers, you may want to replace them with something else:

  • DIR-655
  • DIR-866L
  • DIR-652
  • DHP-1565

The reason is that, according to Threatpost, these routers have a vulnerability in their latest firmware that leaves them wide open to being pwned remotely. And then there’s this:

 D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a “typical security pitfall suffered by many firmware manufacturers.” With no patch available, affected users should upgrade their devices as soon as possible.

While I get that it’s not DLink’s fault that a vendor was sitting on some gear in a warehouse someplace for a long time and is selling it months or years after it was discontinued, it doesn’t take away from the fact that DLink needs to step up here. The fact is they are not fixing this issue because they don’t feel that they have any responsibility to. Clearly the fact that they got slapped by the FTC and are under 20 years of oversight means nothing to them.

In the absence of the FTC exercising their oversight powers, there’s one way to send a message to DLink that this behavior is not acceptable. Don’t buy their products. EVER. If they see their sales drop, maybe they will change their tune and act in a responsible manner.


DLink Must Submit To FTC Scrutiny To Make Their Legal Issues Go Away

Posted in Commentary on July 4, 2019 by itnerd

It was a while ago that the news broke about the FTC taking DLink to court because the company made gear that was insecure. Fast forward to the present, and a settlement order on the US antitrust body’s website, which you can find here [Warning:PDF], details the fact that DLink has agreed to settle said lawsuit and has pledged to maintain a “comprehensive software security program” for the next 20 years, which is designed to make its IP cameras and routers safe for consumers. On top of that, DLink has to submit to a decade of product security audits by an agency appointed by the FTC to make sure that they are doing what they say they will do in terms of making their products secure.

Interestingly, DLink won’t have to admit to any wrongdoing. Which is interesting because by the time you agree to what I have written above, you’ve likely screwed up in some way. But I suppose that this is better than the alternative, which is getting pummeled by the feds. And I suppose that this will not only make DLink gear safer, but it will send a message to gear makers everywhere that if you don’t make your gear safe, the feds will be on your doorstep. Thus in theory consumers are the big winners. Right?

Back Door Account Found in DLink DI-620 Routers Can Lead To Epic Pwnage

Posted in Commentary on May 23, 2018 by itnerd

Kaspersky Lab researchers have discovered a back door account on DLink DI-620 routers which, if you have said router configured for admin access via the Internet, can allow a miscreant to pwn your router, and by extension your network. While this is an older device, there are a fair number of them floating around. Thus this discovery is not trivial. Because of that, Kaspersky is not disclosing the full details of this exploit to protect those who own this router, and who are likely now considering using another router as we speak. For what it is worth, the best way to protect yourself is to ensure that the ability to log into this router from the Internet is disabled. I say that because DLink isn’t going to fix this as it is such an old device. Which I think says something about DLink.

Oh by the way, Kaspersky found three other security issues with this router. Which I think says something else about DLink.