Skip to main content

Massive security vulnerability discovered in D-Link routers

A security researcher has discovered a backdoor vulnerability with certain D-Link routers that might allow cyber criminals to alter a router's setting without a username or password.

In a note on its website, D-Link said it is "proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed."

The glitch was discovered by Craig Heffner from Tactical Network Solutions. He charted the hack in a technical blog post, but what it boils down to is a vulnerability that lets scammers "access the web interface without any authentication and view/change the device settings."

According to PC World, D-Link plans to release a firmware update for the problem by the end of the month. D-Link did not immediately respond to a request for comment.

As the site noted, the discovery is problematic because an attacker could, for example, change the DNS settings on a router and redirect users to malicious websites.

"Security and performance is of the utmost importance to D-Link across all product lines," D-Link said on its site. "This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards."

D-Link has promised updates about the situation on its website.

But in the meantime, it has warned users to ignore unsolicited emails because clicking on links within these messages could allow for unauthorised access to a router.