Despite serious security flaws, D-Link will (again) not patch some routers

Piotr Adamowicz

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company’s routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

“The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014,” Naked Security reported. Though these are not current models in D-Link’s portfolio, many of the listed models are still likely to be in use.

As a result of this impasse, Adamczyk released details about the security flaws, following responsible security protocols by first giving D-Link notice and the opportunity to address the issues. Notably, this is the second time in about a year that D-Link has failed to address security vulnerabilities affecting its products after being notified by researchers; the last time this happened was in 2017 and involved a different set of vulnerabilities.

Adamczyk published a video showing how the vulnerabilities could be used together to achieve a path traversal attack on the affected routers. The security researcher noted that the new flaw arose after D-Link reported that it had fixed a prior security flaw. Path traversal flaws, also known as “directory traversal” or “dot dot slash” attacks, allow an attacker to gain access to system files with a simple HTTP request.

D-Link has a spotty history of supporting older router models, but the manufacturer is not alone in leaving routers unpatched. The American Consumer Institute reported that of the 186 routers it had tested, 155 contained firmware vulnerabilities. In total, ACI discovered more than 32,000 known vulnerabilities in its study. “Our analysis shows that, on average, routers contained 12 critical vulnerabilities and 36 high-risk vulnerabilities, across the entire sample,” ACI noted in its report. “The most common vulnerabilities were medium-risk, with an average of 103 vulnerabilities per router.”

For shoppers who are in the market for a new router, it’s probably best to also check with the manufacturer to see what the supported lifespan of the router is. If the router is nearing its end of life, as in the case illustrated here, you may not get patches, regardless of how serious a security vulnerability may be. If you have an older router, you may want to consider checking out our guide for the best router options before you decide to upgrade.
