Data: CASIE
Trigger word:
arose
Negative Trigger
from
security
researchers
involving
the
company
’
s
routers
.
The
latest
incident
arose
after
Silesian
University
of
Technology
researcher
Błazej
Adamczyk
contacted
Vulnerability-related.DiscoverVulnerability
D-Link
last
May
about
three
vulnerabilities
affecting
Vulnerability-related.DiscoverVulnerability
eight
router
models
.
Following
the warning
Vulnerability-related.DiscoverVulnerability
,
D-Link
patched
Vulnerability-related.PatchVulnerability
two
of
the
affected
routers
,
but
did
not
initially
reveal
Vulnerability-related.DiscoverVulnerability
how
it
would
proceed
for
the
remaining
six
models
.
After
further
prompting
Vulnerability-related.DiscoverVulnerability
from
Adamczyk
,
D-Link
revealed
Vulnerability-related.DiscoverVulnerability
that
the
remaining
six
routers
would not get
Vulnerability-related.PatchVulnerability
a
security
patch
because
they
were
considered
end-of-life
models
,
leaving
affected
owners
out
in
the
cold
.
“
The
D-Link
models
affected
Vulnerability-related.DiscoverVulnerability
are
the
DWR-116
,
DWR-140L
,
DWR-512
,
DWR-640L
,
DWR-712
,
DWR-912
,
DWR-921
,
and
DWR-111
,
six
of
which
date
from
2013
,
with
the
DIR-640L
first appearing
Vulnerability-related.DiscoverVulnerability
in
2012
and
the
DWR-111
in
2014
,
”
Naked
Security
reported
.
Though
these
are
not
current
models
in
D-Link
’
s
portfolio
,
many
of
the
listed
models
are
still
likely
to
be
in
use
.
As
a
result
of
this
impasse
,
Adamczyk
released details
Vulnerability-related.DiscoverVulnerability
about
the
security
flaws
,
following
responsible
security
protocols
after
giving
D-Link
notice
and
the
opportunity
to
address
Vulnerability-related.PatchVulnerability
the
issues
.
Of
significance
is
that
this
is
the
second
time
in
about
a
year
that
D-Link
has failed to address
Vulnerability-related.PatchVulnerability
security
vulnerabilities
affecting
Vulnerability-related.DiscoverVulnerability
its
products
after
being notified
Vulnerability-related.DiscoverVulnerability
by
researchers
.
The
security
researcher
noted
Vulnerability-related.DiscoverVulnerability
that
the
new
flaw
arose
Vulnerability-related.DiscoverVulnerability
after
D-Link
reported
that
it
had fixed
Vulnerability-related.PatchVulnerability
a
prior
security
flaw
.
Also
known
as
“
directory
traversal
”
or
“
dot
dot
slash
”
attacks
,
these
flaws
allow
a
malicious
attacker
to
gain
access
to
system
files
with
a
simple
HTTP
request
.
Despite
D-Link
’
s
spotty
history
with
supporting
older
router
models
,
the
manufacturer
is
not
alone
in
leaving
routers
unpatched
Vulnerability-related.PatchVulnerability
.
The
American
Consumer
Institute
reported
Vulnerability-related.DiscoverVulnerability
that
of
the
186
routers
it
had
tested
,
155
contained
Vulnerability-related.DiscoverVulnerability
firmware
vulnerabilities
.
In
total
,
ACI
discovered
Vulnerability-related.DiscoverVulnerability
more
than
32,000
known
vulnerabilities
in
its
study
.
“
Our
analysis
shows
that
,
on
average
,
routers
contained
Vulnerability-related.DiscoverVulnerability
12
critical
vulnerabilities
and
36
high-risk
vulnerabilities
,
across
the
entire
sample
,
”
ACI
noted
in
its
report
.
“
The
most
common
vulnerabilities
were
medium-risk
,
with
an
average
of
103
vulnerabilities
per
router.
”
For
shoppers
who
are
in
the
market
for
a
new
router
,
it
’
s
probably
best
to
also
check
with
the
manufacturer
to
see
what
the
supported
lifespan
of
the
router
is
.
If
the
router
is
nearing
its
end
of
life
,
as
in
the
case
illustrated
here
,
you
may
not
get
Vulnerability-related.PatchVulnerability
patches
,
regardless
of
how
serious
a
security
vulnerability
may
be
.
If
you
have
an
older
router
,
you
may
want
to
consider
checking
out
our
guide
for
the
best
router
options
before
you
decide
to
upgrade
.