Aging D-Link Routers No Longer Supported Or Secure
By: Jim Stickley and Tina Davis
November 10, 2019
Keeping up with the latest technology can be challenging, but what happens when the challenge comes from outdated technology? Security experts tried to answer that question last month, when researchers discovered a vulnerability in D-Link routers that could lead to Remote Code Execution (RCE). Experts at Fortinet found that the flaw exists because the D-Link routers no longer receive updates, including vital security upgrades. Shortly after the bug was reported, D-Link announced that the routers are at End of Life (EOL) and that it will no longer provide bug patches for them.
The security issue at hand involves weak security when attackers log in remotely. The lack of secure authentication allows hackers to execute code despite not having privileges. That means cybercriminals can steal administrator credentials and create other means of access to the D-Link routers. The following D-Link routers are no longer supported and are vulnerable to exploitation:
- DIR-655
- DIR-866L
- DIR-652
- DHP-1565
For now, D-Link’s response to the issue is to tell its customers to replace the aging routers with newer (and safer) technology. In 2017, D-Link came under fire from the Federal Trade Commission (FTC) for ignoring vulnerability reports for its devices and misreporting security. A 32-page settlement was made with the FTC, including a requirement that D-Link monitor for its own security flaws. The settlement also requires D-Link to alert users of End of Life devices 60 days before the company stops supporting security updates. Two years later, D-Link appears to be struggling with its FTC settlement. However, D-Link is not alone in having to deal with the consequences of outdated technology.
Any time a product reaches end of life, it's important to move to a supported product. In most cases, once products reach end of life, they no longer receive patches, leaving them vulnerable to attacks, particularly zero-day exploits.
As systems, software and devices age, they will inevitably create security concerns when companies decide to no longer support them. The challenge may be with alerting users of EOL products in time for them to replace the aging products before their security is at risk.