Skip to main content

Despite serious security flaws, D-Link will (again) not patch some routers

Piotr Adamowicz

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company’s routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

Recommended Videos

“The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014,” Naked Security reported. Though these are not current models in D-Link’s portfolio, many of the listed models are still likely to be in use.

As a result of this impasse, Adamczyk released details about the security flaws, following responsible security protocols after giving D-Link notice and the opportunity to address the issues. Of significance is that this is the second time in about a year that D-Link has failed to address security vulnerabilities affecting its products after being notified by researchers; the last time this happened was in 2017 and involved a different set of vulnerabilities.

Adamczyk published a video showing how the vulnerabilities could be used together to achieve a path traversal attack on the affected routers. The security researcher noted that the new flaw arose after D-Link reported that it had fixed a prior security flaw. Also known as “directory traversal” or “dot dot slash” attacks, these flaws allow a malicious attacker to gain access to system files with a simple HTTP request.

Despite D-Link’s spotty history with supporting older router models, the manufacturer is not alone in leaving routers unpatched. The American Consumer Institute reported that of the 186 routers it had tested, 155 contained firmware vulnerabilities. In total, ACI discovered more than 32,000 known vulnerabilities in its study. “Our analysis shows that, on average, routers contained 12 critical vulnerabilities and 36 high-risk vulnerabilities, across the entire sample,” ACI noted in its report. “The most common vulnerabilities were medium-risk, with an average of 103 vulnerabilities per router.”

For shoppers who are in the market for a new router, it’s probably best to also check with the manufacturer to see what the supported lifespan of the router is. If the router is nearing its end of life, as in the case illustrated here, you may not get patches, regardless of how serious a security vulnerability may be. If you have an older router, you may want to consider checking out our guide for the best router options before you decide to upgrade.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Intel could give us Wi-Fi 7 devices long before Apple gets around to it
Internals of Surface Laptop Studio.

Wi-Fi 7 may not exist in devices today, but that isn't stopping Intel from forging ahead with it. Intel is planning to introduce Wi-Fi 7 sometime in 2024 just as Apple turns to Wi-Fi 6E for its upcoming devices. Intel will be doubling down on Wi-Fi 7 development efforts over the coming year, according to Eric McLaughlin, Intel's vice-president of wireless solutions.

"We are currently developing Intel's Wi-Fi '802.11be' in order to obtain the 'Wi-Fi Alliance' certification, and it will be installed in PC products such as laptops by 2024," McLaughlin said in a press conference earlier today. "We expect it to appear in major markets in 2025."

Read more
Linksys’ new dual-band Wi-Fi 6 routers are surprisingly affordable
The Linksys Hydra 6 dual-band mesh WiFi 6 router.

As Wi-Fi 6 is still a relatively new standard, the costs of routers that come with the technology are still on the pricier side. However, Linksys has announced an expansion of its Wi-Fi 6 mesh systems range that will offer “the most affordable prices to date for the brand.”

As reported by Guru3D, the aforementioned devices are the Linksys Hydra 6 and Atlas 6, the company’s latest Wi-Fi 6 entry-level dual-band products.

Read more
TP-Link’s Wi-Fi 6E router comes with motorized antennas for better reception
The TP-Link Archer AXE200 Omni with its antennas in motion.

To deliver better Wi-Fi reception and coverage, especially in larger homes, TP-Link is bringing new innovation to the router space. The company's latest Wi-Fi 6E router, the TP-Link Archer AXE200 Omni comes with four antennas that are motorized, allowing them to pivot and swivel towards your devices as you move around the house.

Essentially, by tailing your connected devices, the TP-Link Archer AXE200 Omni will help to send out the strongest signals to your devices.

Read more