Despite serious security flaws, D-Link will (again) not patch some routers

modem vs router plugging in
Piotr Adamowicz

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company’s routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

“The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014,” Naked Security reported. Though these are not current models in D-Link’s portfolio, many of the listed models are still likely to be in use.

As a result of this impasse, Adamczyk released details about the security flaws, following responsible security protocols after giving D-Link notice and the opportunity to address the issues. Of significance is that this is the second time in about a year that D-Link has failed to address security vulnerabilities affecting its products after being notified by researchers; the last time this happened was in 2017 and involved a different set of vulnerabilities.

Adamczyk published a video showing how the vulnerabilities could be used together to achieve a path traversal attack on the affected routers. The security researcher noted that the new flaw arose after D-Link reported that it had fixed a prior security flaw. Also known as “directory traversal” or “dot dot slash” attacks, these flaws allow a malicious attacker to gain access to system files with a simple HTTP request.

Despite D-Link’s spotty history with supporting older router models, the manufacturer is not alone in leaving routers unpatched. The American Consumer Institute reported that of the 186 routers it had tested, 155 contained firmware vulnerabilities. In total, ACI discovered more than 32,000 known vulnerabilities in its study. “Our analysis shows that, on average, routers contained 12 critical vulnerabilities and 36 high-risk vulnerabilities, across the entire sample,” ACI noted in its report. “The most common vulnerabilities were medium-risk, with an average of 103 vulnerabilities per router.”

For shoppers who are in the market for a new router, it’s probably best to also check with the manufacturer to see what the supported lifespan of the router is. If the router is nearing its end of life, as in the case illustrated here, you may not get patches, regardless of how serious a security vulnerability may be. If you have an older router, you may want to consider checking out our guide for the best router options before you decide to upgrade.

Mobile

Apple’s iPhone battery offer was reportedly way more popular than expected

As many as 11 million iPhone owners reportedly made use of Apple's cheaper battery replacement offer that launched in 2018 in response to the iPhone throttling debacle — some 10 times more than the company had apparently expected.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Web

Shutdown makes dozens of .gov websites insecure due to expired TLS certificates

The US government shutdown is causing trouble in internet security. As the shutdown enters day 22, dozens of government websites have been rendered insecure or inaccessible due to expired transport layer security (TLS) certificates.
Outdoors

Here are all the best rain jackets on the market right now

From high-tech, lightweight shells to modern-looking, waterproof trench coats, check out our list of the best rain jackets built to keep you dry and looking stylish in any season.
Computing

Faster new PCIe 5.0 standard leapfrogs the best feature of AMD’s Ryzen 3

PCIe 5.0 will bring even faster data transfers, but it may only be found on HPCs and servers initially. The standard is four times faster than your current PC at transferring data, and new devices could appear later this year.
Deals

From Chromebooks to MacBooks, here are the best laptop deals for January 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Product Review

LG Gram 14 proves 2-in-1 laptops don’t need to sacrifice battery for light weight

The LG Gram 14 2-in-1 aims to be very light for a laptop that converts to a tablet. And it is. But it doesn’t skimp on the battery, and so it lasts a very long time on a charge.
Computing

Keep your laptop battery in tip-top condition with these handy tips

Learn how to care for your laptop's battery, how it works, and what you can do to make sure yours last for years and retains its charge. Check out our handy guide for valuable tips, no matter what type of laptop you have.
Computing

Protect your expensive new laptop with the best Macbook cases

If you recently picked up a new MacBook, you’ll want something to protect its gorgeous exterior. Here, we've gathered the best MacBook cases and covers, whether you're looking for style or protection.
Computing

Watch out for these top-10 mistakes people make when buying a laptop

Buying a new laptop is exciting, but you need to watch your footing. There are a number of pitfalls you need to avoid and we're here to help. Check out these top-10 laptop buying mistakes and how to avoid them.
Computing

Don't spend a fortune on a PC. These are the best laptops under $300

Buying a laptop needn't mean spending a fortune. If you're just looking to browse the internet, answer emails, and watch Netflix, you can pick up a great laptop at a great price. These are the best laptops under $300.
Computing

Dell XPS 13 vs. Asus Zenbook 13: In battle of champions, who will be the victor?

The ZenBook 13 UX333 continues Asus's tradition of offering great budget-oriented 13-inch laptop offerings. Does this affordable machine offer enough value to compete with the excellent Dell XPS 13?
Gaming

Take a trip to a new virtual world with one of these awesome HTC Vive games

So you’re considering an HTC Vive, but don't know which games to get? Our list of 25 of the best HTC Vive games will help you out, whether you're into rhythm-based gaming, interstellar dogfights, or something else entirely.
Computing

The Asus ZenBook 13 offers more value and performance than Apple's MacBook Air

The Asus ZenBook 13 UX333 is the latest in that company's excellent "budget" laptop line, and it looks and feels better than ever. How does it compare to Apple's latest MacBook Air?