Skip to main content
  1. Home
  2. Computing
  3. News

Despite serious security flaws, D-Link will (again) not patch some routers

Add as a preferred source on Google
Piotr Adamowicz

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company’s routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

“The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014,” Naked Security reported. Though these are not current models in D-Link’s portfolio, many of the listed models are still likely to be in use.

Recommended Videos

As a result of this impasse, Adamczyk released details about the security flaws, following responsible security protocols after giving D-Link notice and the opportunity to address the issues. Of significance is that this is the second time in about a year that D-Link has failed to address security vulnerabilities affecting its products after being notified by researchers; the last time this happened was in 2017 and involved a different set of vulnerabilities.

Adamczyk published a video showing how the vulnerabilities could be used together to achieve a path traversal attack on the affected routers. The security researcher noted that the new flaw arose after D-Link reported that it had fixed a prior security flaw. Also known as “directory traversal” or “dot dot slash” attacks, these flaws allow a malicious attacker to gain access to system files with a simple HTTP request.

Despite D-Link’s spotty history with supporting older router models, the manufacturer is not alone in leaving routers unpatched. The American Consumer Institute reported that of the 186 routers it had tested, 155 contained firmware vulnerabilities. In total, ACI discovered more than 32,000 known vulnerabilities in its study. “Our analysis shows that, on average, routers contained 12 critical vulnerabilities and 36 high-risk vulnerabilities, across the entire sample,” ACI noted in its report. “The most common vulnerabilities were medium-risk, with an average of 103 vulnerabilities per router.”

For shoppers who are in the market for a new router, it’s probably best to also check with the manufacturer to see what the supported lifespan of the router is. If the router is nearing its end of life, as in the case illustrated here, you may not get patches, regardless of how serious a security vulnerability may be. If you have an older router, you may want to consider checking out our guide for the best router options before you decide to upgrade.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Outlook will soon warn you before you answer an outdated email
Microsoft is bringing reply alerts, rule-based templates, and improved categories to Outlook
Computer, Electronics, Laptop

Microsoft has recently been cleaning up some longstanding Windows 11 pain points, including parts of the Start menu and Search. According to a new report from Windows Latest, the company is also preparing several useful changes for the new Outlook app on Windows 10 and Windows 11, which became generally available in 2024.

Microsoft is adding a warning for users who start replying to an older email after a newer response has arrived in the same conversation. The alert is meant to stop people from replying without seeing the latest information in the thread.

Read more
Google just changed how it grades the AI models you use for Android coding
Android Bench has a new testing framework and eight new models, so the rankings you remember are now out of date.
Android Bench featured.

Google just changed how it measures which AI models are best at writing Android app code, and the update has shuffled the rankings developers use to pick their tools. The company's Android Bench leaderboard, which launched in March, now runs on a new testing system called Harbor. Google says this replaces the older, more generic testing tool it used before, and gives a better read on how models perform on real Android tasks, like updating old code to Jetpack Compose or handling wearable device networking.

New models shake up the top of the list

Read more
ChatGPT is coming for one of Google’s smartest Chrome features
OpenAI brings ChatGPT to Chrome to challenge Google's Gemini Side Panel
OpenAI

OpenAI is expanding ChatGPT beyond its website with the launch of a new Chrome extension that can understand the contents of the webpage you're viewing. The extension allows users to ask questions about a page, summarize articles, explain complex concepts, and even kick off longer AI-powered tasks without leaving their browser.

The move positions ChatGPT as a direct competitor to Google's Gemini in Chrome, which introduced similar context-aware browsing features earlier this year. While both tools aim to bring AI directly into web browsing, they take slightly different approaches to productivity and automation.

Read more