D-Link’s Router Security May Be Horribly Flawed

Keeping your router secure is a fairly basic bit of networking sense, but it doesn’t help if the firmware updates on your router apparently don't fix the very bugs they're meant to squash.

That may be the case with D-Link's DIR-890L, which, as per HackADay, may contain a bug in the firmware around the Home Network Administration Protocol that allowed authentication to be bypassed. To make matters worse, it’s a relatively simple string error that could be addressed.

To complicate matters, it’s a repetition of a bug that hit an earlier D-Link router that was patched, and a patch for the bug in the DIR-890L was issued. Upon analysis, it appears that the new fix for the old bug doesn't actually correct the original error at all.

Or in other words, ouch. Hopefully D-Link will sort out a robust fix rather quickly, because as it stands there's not much the end user can do in this case.

D-Link Fails At Strings [HackADay]


Comments

    D-Link, Netgear and Linksys, the official routers of the NSA

Join the discussion!

Trending Stories Right Now