A buffer overflow vulnerability discovered several D-Link wired and wireless routers could allow attackers to execute arbitrary code and potentially compromise entire networks. eEye Digital Security, an Aliso Viejo, Calif.-based security firm, issued an advisory on the vulnerability Monday. The company had notified D-Link about the flaw in February.
The vulnerability affects the Local Area Network (LAN) interface of several of D-Link"s consumer-grade routers, and a company spokesperson said the Fountain Valley, Calif.-based networking vendor has released patches for download on its Web site. Mike Puterbaugh, vice president of marketing at eEye, said the vulnerability is serious given the widespread use of D-Link routers in small-business and home networks. "The footprint of D-Link"s install base is significant, and this could have potentially turned into a big issue," he said.