also @ TechSpot: Building a Thin Mini-ITX PC: Small and Silent Performance

D-Link does not fix security hole after months

By

On July 2, 2006, 3:40 AM

An interesting report on Dailytech indicates that a critical security hole affecting certain D-Link routers remains unfixed after several months, with little to no sign that the company plans to update the products' firmware and resolve the problem. The affected products are: DI-524 (Wireless), DI-604*, DI-624 (Wireless), DI-784* (Wireless), EBR-2310*, WBR-1310 (Wireless), WBR-2310 (Wireless). * Denotes firmware update available.

The vulnerability allows remote code to be executed through the routers firmware potentially leaving affected customers vulnerable to attack. The vulnerability can give an attacker complete control over any and all network traffic.
This is a very serious issue being overlooked by one of the largest home router providers. Reportedly, the bug only affects the LAN part of the router, however because some of them offer wireless capabilities, there is still room for compromising the connection.

No tags on this story

6 comments

User Comments: 6

Got something to say? Post a comment
  1. July 2, 2006 2:54 PM
    canadian said:
    Awwww no. I have the DI-624!!! Well, I hope I dont get a hacker after me.
    Reply
  2. July 2, 2006 6:07 PM
    Nancy Jameson said:
    lol no surprise. They also copied the Spam Cube (www.spamcube.com) product and called it "securespot" Its funny how tech companies are getting away with this stuff and now theyre answering options probes, SEC inquiry anyone?
    Reply
  3. July 2, 2006 6:46 PM
    pikaj00 said:
    kinda makes me glad that i have a linksys WRT54GS with DD-WRT firmware instead of being forced to use the manufacturer's firmware, which more often than not is way out of date. then again, most likely you can partially avoid the exploit by turning on AP isolation if you have wireless. if you allow wrongdoers to connect via ethernet to your router.... thats your problem looks like ill have to tell my friend about this... he has a 604 i think.
    Reply
  4. July 2, 2006 11:57 PM
    DragonMaster said:
    I have 624, with wireless disabled.604 isn't wireless AFAIK so the vulnerability isn't a big problem unless he downloads anything.
    Reply
  5. July 3, 2006 9:36 AM
    pikaj00 said:
    [b]Originally posted by DragonMaster:[/b][quote]I have 624, with wireless disabled.604 isn't wireless AFAIK so the vulnerability isn't a big problem unless he downloads anything.[/quote]well, the article states its only a LAN-side exploit, so wether he downloads anything or not is irrelevant. the problem is that he allows somewhat malicious individuals (his other friends) to go on his network without any sort of protection on his computer or other computers already on the network. luckily its not wireless as you said, but in this case it doesnt matter since he lets morons on his network who like to cause trouble. in a way i hope they DONT fix it, because that just makes people all the more willing to find a way to force linux on d-link routers like dd-wrt did with the wxworks versions of the linksys WRT54G/GS.
    Reply
  6. July 6, 2006 1:03 AM
    Sir_Brizz said:
    For anyone interested, many D-Link products received a firmware update today, including the WBR-2310 which attempts to fix this exploit.I do have to say, though, that anyone dumb enough to let someone on their LAN that would do something like this deserves for it to happen to them.
    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Mice

Downloads and Drivers

Downloads   Drivers  

Wise Folder Hider 1.35.71

HelpNDoc 3.9.1

Sublight 4.0

x264 Video Codec rev. 2334

iSpy 5.0.9.0

More Downloads

Latest Discussion

How to remove write protection of USB mass storage with no visible lock/unlock 12 replies on Storage and Networking

Moar Free Dota2 6 replies on Gaming

Graphics Card Question 5 replies on Audio and Video

Unsure if my new graphics card will work with my PC 7 replies on Audio and Video

Which is the best smartphone to buy? 14 replies on Mobile Computing

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.