Today It’s 60K EoL D-Link Routers That Aren’t Getting Patches

Source: Bleeping Computer

No, It’s Not A Repeat. Last Week Was 60K NAS Devices

Today in reasons to reconsider purchasing or recommending D-Link products, there are almost 60,000 D-Link DSL6740C routers that hit EoL at the beginning of this year with critical security flaws that will not be patched. The only good news, if you can call it that, is that the devices were only ever sold overseas, with Taiwan having the most devices. The problem is that while the vulnerable devices may be located in Taiwan, once they are infected, those who took advantage of the EoL D-Link devices will not restrict their nefarious activities to that region. There is also the fact that we would rather not see any TSMC employees fall victim to this attack.

The vulnerabilities include one rated 9.8 that allows an attacker to change the password of an existing account on the router, thus granting themselves as much access as they could ever want while simultaneously locking the owner out of their router. There are two more: one allows an unauthenticated user to gain far more details about the router than they ever should, and one lets someone with admin access, probably thanks to the first bug, execute arbitrary commands via a special webpage.

It is unreasonable to expect companies to support their devices forever; however, with devices that can cause serious havoc across the globe, we need something better than a shrug from the manufacturers. At least give owners a way to patch the devices themselves or to apply something like DD-WRT to them.

It is worth noting that the device was not available in the U.S. and reached end-of-service (EoS) phase at the beginning of the year.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
