If you have a D-Link DIR 850L wireless router or know anyone that does, you should unplug it without delay. The Register posted a link to the recently released findings of security researcher Pierre Kim, who originally contacted D-Link in February about the flaws only to see a single patch released since then. The vulnerabilities are rather severe, ranging from a lack of verification for firmware images, through stored default private keys to an actual buit in backdoor. The router is not compatible with DD-WRT so you cannot resolve the issue through that method; it should be treated as a brick until D-Link resolves these issues in an update.
"A security researcher has shamed D‑Link by publicly disclosing 10 serious, as-yet unpatched vulnerabilities in a line of consumer-grade routers without notifying the vendor first."
Here is some more Tech News from around the web:
- Apple's adoption of Qi signals the end of the wireless charging wars @ The Register
- TSMC starts equipment move-in at Nanjing plant @ DigiTimes
- It's September 2017, and .NET lets PDFs hijack your Windows PC @ The Register