For the second time in roughly a year , D-Link has failed to act on warnings Vulnerability-related.DiscoverVulnerability from security researchers involving the company ’ s routers . The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted Vulnerability-related.DiscoverVulnerability D-Link last May about three vulnerabilities affecting Vulnerability-related.DiscoverVulnerability eight router models . Following the warning Vulnerability-related.DiscoverVulnerability , D-Link patched Vulnerability-related.PatchVulnerability two of the affected routers , but did not initially reveal Vulnerability-related.DiscoverVulnerability how it would proceed for the remaining six models . After further prompting Vulnerability-related.DiscoverVulnerability from Adamczyk , D-Link revealed Vulnerability-related.DiscoverVulnerability that the remaining six routers would not get Vulnerability-related.PatchVulnerability a security patch because they were considered end-of-life models , leaving affected owners out in the cold . “ The D-Link models affected Vulnerability-related.DiscoverVulnerability are the DWR-116 , DWR-140L , DWR-512 , DWR-640L , DWR-712 , DWR-912 , DWR-921 , and DWR-111 , six of which date from 2013 , with the DIR-640L first appearing Vulnerability-related.DiscoverVulnerability in 2012 and the DWR-111 in 2014 , ” Naked Security reported . Though these are not current models in D-Link ’ s portfolio , many of the listed models are still likely to be in use . As a result of this impasse , Adamczyk released details Vulnerability-related.DiscoverVulnerability about the security flaws , following responsible security protocols after giving D-Link notice and the opportunity to address Vulnerability-related.PatchVulnerability the issues . Of significance is that this is the second time in about a year that D-Link has failed to address Vulnerability-related.PatchVulnerability security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its products after being notified Vulnerability-related.DiscoverVulnerability by researchers . The security researcher noted Vulnerability-related.DiscoverVulnerability that the new flaw arose Vulnerability-related.DiscoverVulnerability after D-Link reported that it had fixed Vulnerability-related.PatchVulnerability a prior security flaw . Also known as “ directory traversal ” or “ dot dot slash ” attacks , these flaws allow a malicious attacker to gain access to system files with a simple HTTP request . Despite D-Link ’ s spotty history with supporting older router models , the manufacturer is not alone in leaving routers unpatched Vulnerability-related.PatchVulnerability . The American Consumer Institute reported Vulnerability-related.DiscoverVulnerability that of the 186 routers it had tested , 155 contained Vulnerability-related.DiscoverVulnerability firmware vulnerabilities . In total , ACI discovered Vulnerability-related.DiscoverVulnerability more than 32,000 known vulnerabilities in its study . “ Our analysis shows that , on average , routers contained Vulnerability-related.DiscoverVulnerability 12 critical vulnerabilities and 36 high-risk vulnerabilities , across the entire sample , ” ACI noted in its report . “ The most common vulnerabilities were medium-risk , with an average of 103 vulnerabilities per router. ” For shoppers who are in the market for a new router , it ’ s probably best to also check with the manufacturer to see what the supported lifespan of the router is . If the router is nearing its end of life , as in the case illustrated here , you may not get Vulnerability-related.PatchVulnerability patches , regardless of how serious a security vulnerability may be . If you have an older router , you may want to consider checking out our guide for the best router options before you decide to upgrade .

Researchers say Vulnerability-related.DiscoverVulnerability several Motorola handset models are vulnerable Vulnerability-related.DiscoverVulnerability to a critical kernel command line injection flaw that could allow a local malicious application to execute arbitrary code on the devices . The two affected Motorola models are the Moto G4 and Moto G5 . The warnings Vulnerability-related.DiscoverVulnerability come from Aleph Research which said Vulnerability-related.DiscoverVulnerability it found Vulnerability-related.DiscoverVulnerability the vulnerability on up-to-date handsets running the latest Motorola Android bootloader . Motorola said patches to fix Vulnerability-related.PatchVulnerability the vulnerability in both devices are expected this month . “ Exploiting the vulnerability allows the adversary to gain an unrestricted root shell . ( And more ! ) , ” wrote Roee Hay , manager of Aleph Research . He said Vulnerability-related.DiscoverVulnerability vulnerable versions of the Motorola Android bootloader allow for a kernel command-line injection attack . The vulnerability ( CVE-2016-10277 ) is the same one found Vulnerability-related.DiscoverVulnerability by Aleph Research earlier this year and fixed Vulnerability-related.PatchVulnerability by Google in May , impacting Vulnerability-related.DiscoverVulnerability the Nexus 6 Motorola bootloader . “ By exploiting the vulnerability , a physical adversary or one with authorized USB fastboot access to the device could break the secure/verified boot mechanism , allowing him to gain unrestricted root privileges , and completely own the user space by loading a tampered or malicious image , ” wrote Hay . Despite the fact the vulnerability had been patched Vulnerability-related.PatchVulnerability for the Nexus 6 , Hay said the Moto G4 and G5 were still vulnerable Vulnerability-related.DiscoverVulnerability to the same kernel command line injection flaw . “ In the previous blog post , we suggested that CVE-2016-10277 could affect Vulnerability-related.DiscoverVulnerability other Motorola devices . After receiving a few reports on Twitter that this was indeed the case we acquired a couple of Motorola devices , updated to the latest available build we received over-the-air , ” the researcher wrote on Wednesday . Motorola told Threatpost via a statement that , “ A patch will begin rolling out Vulnerability-related.PatchVulnerability for Moto G5 within the next week and will continue until all variants are updated Vulnerability-related.PatchVulnerability . The patch for Moto G4 is planned to start deployment Vulnerability-related.PatchVulnerability at the end of the month and will continue until all variants are updated Vulnerability-related.PatchVulnerability . ” Researchers were able to trigger the vulnerability on the Moto devices by abusing the Motorola bootloader download functionality in order to swap in their own malicious initramfs ( initial RAM file system ) at a known physical address , named SCRATCH_ADDR . “ We can inject a parameter , named initrd , which allows us to force the Linux kernel to populate initramfs into rootfs from a specified physical address , ” the researcher wrote . Next , using malicious initramfs to load into a customized boot process they were able to gain root shell access to the device . Hay ’ s research into the Motorola bootloaders began in January when he identified Vulnerability-related.DiscoverVulnerability a high-severity vulnerability ( CVE-2016-8467 ) impacting Vulnerability-related.DiscoverVulnerability Nexus 6/6P handsets . That separate vulnerability allowed attackers to change the bootmode of the device , giving access to hidden USB interfaces . Google fixed Vulnerability-related.PatchVulnerability the issue by hardening the bootloader and restricting it from loading custom bootmodes . “ Just before Google released Vulnerability-related.PatchVulnerability the patch , we had discovered Vulnerability-related.DiscoverVulnerability a way to bypass it on Nexus 6 , ” Hay said in May of the second CVE-2016-10277 vulnerability . In an interview with Hay by Threatpost he said Vulnerability-related.DiscoverVulnerability , “ Yes , they are both bootloader vulnerabilities . The CVE-2016-10277 can be considered a generalization of CVE-2016-8467 , but with a much stronger impact , ” he said Vulnerability-related.DiscoverVulnerability .