Skip to main content

Despite serious security flaws, D-Link will (again) not patch some routers

Piotr Adamowicz

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company’s routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

“The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014,” Naked Security reported. Though these are not current models in D-Link’s portfolio, many of the listed models are still likely to be in use.

As a result of this impasse, Adamczyk released details about the security flaws, following responsible security protocols after giving D-Link notice and the opportunity to address the issues. Of significance is that this is the second time in about a year that D-Link has failed to address security vulnerabilities affecting its products after being notified by researchers; the last time this happened was in 2017 and involved a different set of vulnerabilities.

Adamczyk published a video showing how the vulnerabilities could be used together to achieve a path traversal attack on the affected routers. The security researcher noted that the new flaw arose after D-Link reported that it had fixed a prior security flaw. Also known as “directory traversal” or “dot dot slash” attacks, these flaws allow a malicious attacker to gain access to system files with a simple HTTP request.

Despite D-Link’s spotty history with supporting older router models, the manufacturer is not alone in leaving routers unpatched. The American Consumer Institute reported that of the 186 routers it had tested, 155 contained firmware vulnerabilities. In total, ACI discovered more than 32,000 known vulnerabilities in its study. “Our analysis shows that, on average, routers contained 12 critical vulnerabilities and 36 high-risk vulnerabilities, across the entire sample,” ACI noted in its report. “The most common vulnerabilities were medium-risk, with an average of 103 vulnerabilities per router.”

For shoppers who are in the market for a new router, it’s probably best to also check with the manufacturer to see what the supported lifespan of the router is. If the router is nearing its end of life, as in the case illustrated here, you may not get patches, regardless of how serious a security vulnerability may be. If you have an older router, you may want to consider checking out our guide for the best router options before you decide to upgrade.

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Netgear’s new Nighthawk gaming router brings Wi-Fi 6E speeds to the masses
The Nighthawk RAXE300 on a tabletop in a home.

If you love the design -- and performance -- of Netgear's tried and trusted wing-shaped Nighthawk routers, the latest Nighthawk RAXE300 should catch your eye. The RAXE300 is a Wi-Fi 6E router that was announced ahead of CES this year, and this new, more affordable model joins the much beloved and more premium RAXE500, which is one of our favorite gaming routers on the market today.

Like the premium RAXE500, the RAXE300's adoption of Wi-Fi 6E should lead to better performance with more spectrum, more high bandwidth channels, and less interference with reduced latency, according to Netgear.

Read more
4 things you can do right now to prep your Wi-Fi network for holiday houseguests
Netgear's Nighthawk RAXE500 tri-band router.

Every year, damn near everyone in my family drives out to rural Oregon and piles into my mom's house for the holidays. It's ridiculous. Suddenly, the number of occupants in the house balloons from just two people to well over a dozen -- and every year, mom's Wi-Fi just can't handle all the extra network traffic.

Or at least it couldn't. Things are different this year. I got tired of dealing with glitchy video calls, dial-up-speed page loads, and Netflix movies that would pause to buffer every 15 seconds -- so I made some small adjustments to her network setup. Thanks to those little tweaks, I'm proud to report that my mom's snail-like rural broadband connection can now comfortably handle a house full of web users -- and yours can, too.

Read more
Best long-range Wi-Fi routers for 2022
Netgear's Orbi 5G broadcasts your mobile broadband connection over Wi-Fi 6.

While there are many routers capable of delivering fast speeds and the latest Wi-Fi 6 technology, some homes or small offices are simply too large to cover. In general, a whole-home mesh networking solution will be able to blanket larger spaces with a reliable, speedy Wi-Fi signal, but for those who don't want to install satellite receivers and nodes, having a robust Wi-Fi router will also do the trick. These are some of the best long-range Wi-Fi and mesh Wi-Fi systems that can cover homes in varying sizes from 5,000 to even 8,000 square feet.
Best long-range Wi-Fi routers

Netgear Nighthawk RAX200
Netgear Orbi 5G Wi-Fi 6 Mesh System NBK752
Linksys Velop MX12600
Asus ROG Rapture GT-AX11000
TP-Link Archer AX6000
Eero 6
Asus RT-AX88U
Google Nest Wi-Fi

Read more