News
News Categories

D-Link DIR-800 series routers riddled with zero-day security flaws, security patch on its way

By John Law & Kenny Yeo - on 19 Sep 2017, 10:00am

D-Link DIR-800 series routers riddled with zero-day security flaws, security patch on its way

Image source: D-Link.

Bad news if you are using a D-Link router. A security researcher by the name Pierre Kim recently found zero-day flaws affecting a number of D-Link routers. As a result, the Cyber Security Agency of Singapore and the Infocomm Media Development Authority have issued a joint advisory.

According to the joint advisory, zero-day flaws have been discovered in a number of D-Link DIR-800 series routers. The affected routers are as follows:

  • D-Link DIR-850L
  • D-Link DIR-885L
  • D-Link DIR-890L
  • D-Link DIR-895L

The advisory also says that these routers can be comprised to install malicious firmware or can be manipulated to steal users' data.

D-Link, in response, has said that it has a task force and product management team 'on call' to provide immediate attention to address evolving security issues and to implement security measures.

More importantly, it also said that a firmware update will be provided by September 21. So owners, please remember to update your firmware.

In the meantime, D-Link recommends the following actions to protect yourself:

  1. Reset the router to its default factory setting. 
  2. Disable the WAN remote admin feature.
  3. Do not access the router through unauthorized Wi-Fi.
  4. Change the wireless SSID password and PIN code to prevent unauthorized users from accessing the LAN.
  5. Change the device’s administrator password. Be sure to use a strong new password.

Source: SingCERT, Channel News Asia, Pierre Kim.