Today It’s 60K EoL D-Link Routers That Aren’t Getting Patches

No, It’s Not A Repeat. Last Week Was 60K NAS Devices
Today in reasons to reconsider purchasing or recommending D-Link products: there are almost 60,000 D-Link DSL6740C routers that hit EoL at the beginning of this year with critical security flaws that will not be patched. The only good news, if you can call it that, is that the devices were only ever sold overseas, with Taiwan having the most devices. The problem is that while the vulnerable devices may be located in Taiwan, once they are infected, those who took advantage of the EoL D-Link devices will not restrict their nefarious activities to that region. There is also the fact that we would rather not see any TSMC employees fall victim to this attack.
The vulnerabilities include one rated 9.8 that allows an attacker to change the password of an existing account on the router, granting themselves as much access as they could ever want while simultaneously locking the owner out of their router. There are two more: one allows an unauthenticated user to gain far more details about the router than they ever should, and one lets someone with admin access, probably gained thanks to the first bug, execute arbitrary commands via a special webpage.
It is unreasonable to expect companies to support their devices forever; however, with devices that can cause serious havoc across the globe, we need something better than a shrug from the manufacturers. At least give them a way to patch themselves or apply something like DD-WRT to the devices.
It is worth noting that the device was not available in the U.S. and reached end-of-service (EoS) phase at the beginning of the year.
More Tech News From Around The Web
- New Thermal Material Provides 72% Better Cooling Than Conventional Paste @ Slashdot
- AMD grabs a quarter of x86 market with desktop gains, but server growth slows @ The Register
- New ShrinkLocker ransomware decryptor recovers BitLocker password @ Bleeping Computer
- Admins can give thanks this November for dollops of Microsoft patches @ The Register
- The Ultimate in Debugging @ Slashdot
- Canada passes new right to repair rules with the same old problem @ The Register
- Microsoft Edge Is Trying To Forcefully Get Your Chrome Tabs Again @ Slashdot
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues @ Bleeping Computer
- Spotify’s Car Thing, Due For Bricking, Is Getting an Open Source Second Life @ Slashdot
- Quick Look: UGREEN Uno 65 W GaN Wall Charger, Uno 100 W GaN Wall Charger, and Uno 100 W USB-C Cable @ TechPowerUp