Written by: C. Anthony Esposito II
With all the leaks and information pouring out people starting really digging into their devices, and unless you’ve been living under a rock, you’ve heard about the router based backdoors. Well D-Link is finally stepping up to the plate and pushing out a fix.
Originally the vulnerability allowed you to reconstruct alpha_auth_check function. By doing so one could access the web interface without any authentication and edit or modify the device settings, essentially giving whoever wanted in a wide open backdoor to your network.
In a statement published on November 28th D-link said
“Various media reports have recently been published relating to vulnerabilities in network routers, including D-Link devices. Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards.
We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.
We will continue to update this page to include the relevant product firmware updates addressing these concerns.
In the meantime, you can exercise the below cautions to avoid unwanted intrusion into your D-Link router.”
So if any of the below routers belong to you, we strongly recommend you update ASAP!
D-Link Firmware updates –http://www.dlink.com/uk/en/support/security
DI-524
DI-524UP
DIR-100
DIR-120
DIR-300
DIR-600
DIR-615
DIR-645
DIR-815
DIR-845L
DIR-865L
DSL-320B
DSL-321B
Last Updated on January 23, 2017.
