D-Link DIR-800 series routers found to have zero-day security flaws
D-Link DIR-800 series routers found to have zero-day security flaws
Bad news if you are using a D-Link router. A security researcher has found zero-day flaws affecting a number of D-Link routers. As a result, the Cyber Security Agency of Singapore and the Infocomm Media Development Authority have issued a joint advisory.
According to the joint advisory, zero-day flaws have been discovered in a number of D-Link DIR-800 series routers. The affected routers are as follows:
- D-Link DIR-850L
- D-Link DIR-885L
- D-Link DIR-890L
- D-Link DIR-895L
The advisory also says that these routers can be comprised to install malicious firmware or can be manipulated to steal users' data.
D-Link, in response, has said that it has a task force and product management team "on call" to provide immediate attention to address evolving security issues and to implement security measures.
More importantly, it also said that a firmware update will be provided on 19th September. So owners, please remember to update your firmware.
In the meantime, D-Link recommends the following actions to protect yourself:
- Reset the router to its default factory setting.
- Disable the WAN remote admin feature
- Do not access the router through unauthorized Wi-Fi.
- Change the wireless SSID password and PIN code to prevent unauthorized users from accessing the LAN.
- Change the device’s administrator password. Be sure to use a strong new password.
Source: SingCERT