SINGAPORE: A number of D-Link routers have been found to have security vulnerabilities, prompting Singapore’s Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA) to issue a joint advisory.
The vulnerabilities, which were found in D-Link’s DIR-800 series of routers, were discovered and published by security researchers on Sep 8 and 12, according to the joint advisory, which was released last Friday (Sep 15).
The affected products mentioned in the advisory were: DIR-850L, DIR-885L, DIR-890L and DIR-895L.
“Routers can be compromised to install malicious firmware, as well as compromise users’ information,” the advisory stated.
CSA added that it did not receive any request for assistance from users.
Nanyang Polytechnic’s Tin Aung Win told Channel NewsAsia in a phone interview that for the DIR-850L router specifically, the vulnerability is in the Web application that allows users to configure their passwords.
By exploiting this, hackers can wrest control of people’s routers without having to know their user ID or password, the manager of NYP’s School of Information Technology explained.
In response, D-Link has issued an advisory on its website, saying it has investigated the vulnerabilities on the DIR-850L and will issue a firmware update on Tuesday.
“Product security and customer privacy are important concerns to D-Link. D-Link has a task force and product management team ‘on call’ to provide immediate attention to address evolving security issues and implement appropriate security measures,” the Taiwan-headquartered company said.
Its statement did not mention the other routers that were said to have vulnerabilities.
CSA and IMDA said in the advisory that until a firmware update is available, affected consumers should disable remote management and use strong passwords for their Wi-Fi to minimise the risk of their device being compromised. They should also consider disabling the router’s SharePort feature, the agencies said.