Multiple D-Link Routers Open to Complete Takeover with Simple Attack

October 18, 2018

Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher.

Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May, uncovering that they affect the DWR-111, DWR-116, DWR-140, DWR-512, DWR-640, DWR-712, DWR-912 and DWR-921 models. However, he claims that D-Link told him that only the DWR-116 and 111 would be patched, because the rest have reached end-of-life and will no longer be supported.

However, D-Link hasn’t issued the two promised patches, so after warning the vendor in September that he would publicly disclose the flaws if they weren’t addressed within a month, Adamczyk has published his findings, along with a proof-of-concept video.

Read More on Threat Post