Security vulnerability discoveries were reported last February to D-Link and surprisingly they still have not been fixed yet! The vulnerability allows remote code to be executed through the routersfirmware potentially leaving affected customers vulnerable to attack.The vulnerability can give an attacker complete control over any andall network traffic.
The effected products are:
- DI-524 (Wireless)
- DI-604*
- DI-624 (Wireless)
- DI-784* (Wireless)
- EBR-2310*
- WBR-1310 (Wireless)
- WBR-2310 (Wireless)
Unfortunately because some of theeffected routers are wireless it isn"t unlikely that an attacker mightcompromise the router by gaining access to the wireless portion of therouter and injecting malicious code. Even secured wireless routersaren"t foolproof and given enough time and resources these too can becompromised. The only advice that can be given at this point fromsecurity researchers is to discontinue using the affected routers untila fix is published by D-Link as there is nothing the consumer can to domitigate the issue themselves.
D-Link was also recently in the news when its engineers began using a FreeBSD NTP top level server as the primary time server for its devices. The issue was solved eventually, and new routers stopped using the NTP server.