These D-Link Routers Are Vulnerable To Remote Hacks And Should Be Retired Immediately
by
Nathan Wasson
—
Tuesday, April 12, 2022, 04:54 PM EDT
Cybersecurity news can seem like a never-ending stream of new vulnerabilities and a single prevailing message: “make sure to patch your devices.” Nonetheless, this message bears repeating. While we may keep up with updates on devices that receive over-the-air (OTA) updates on a semi-regular basis, we can still forget about other devices that are just as vulnerable, if not more so, to malicious attacks, but must be manually updated. Routers and Internet of things (IoT) devices are the primary culprits here. A few years ago, some researchers chose 13 routers and IoT devices for assessment and found a total of 125 vulnerabilities on just these devices alone. If this sample is at all representative of routers and IoT devices at large, these devices post a serious security risk when patches are neglected.
Attackers can leverage router and IoT vulnerabilities to gain access to otherwise secure devices on the same network. Fairly recently, some researchers discovered 1.7 million devices connected to routers compromised by just one particular form of attack. Unfortunately, vulnerabilities cannot always be mitigated by patches. Some devices have hardware vulnerabilities that no software or firmware update can fix, but others simply stop receiving updates.
D-Link has released a support announcement regarding a vulnerability in a number of its routers that are no longer officially supported. These routers all reached End of Life (EOL)/End of Service (EOS) back in 2017 and 2018, but still received updates as recently as December 2021. Even so, D-Link is advising customers to retire or place these routers in response to a Remote Code Execution (RCE) vulnerability.
One of the affected routers. Credit: D-Link
A Proof of Concept (PoC) for an attack leveraging this vulnerability appeared on GitHub back in December, and the vulnerability has since been added to the National Vulnerability Database (NVD) with the Common Vulnerabilities and Exposures (CVE) identifier CVE-2021-45382 and a severity rating of 9.8/10. The vulnerability will not be patched, so the only advised course of action is to retire or replace the routers. The vulnerability affects the following router models:
