A security update that network manufacturer D-Link for different routers released just does not work and introduces a new vulnerability, so claims the researcher who discovered all kinds of vulnerabilities in the routers. Security Researcher Craig of the blog / dev / ttyS0 discovered early this year several vulnerabilities in the D-Link DIR-645 router, where D-Link finally released an update for.
Early this month, Craig found the same problems in the DIR-890L router. Yesterday, D-Link with a update for this model, which the researcher decided to check whether the problem also really been resolved. Craig discovered that the patches for the DIR-645 and DIR-890L are identical. To his surprise, they were all just problems still exist, even if D-Link says that the updates address vulnerabilities correct.
It also showed that the updates are also introducing a new security problem. Unused Authentic Weathered users can therefore still perform a variety of actions on the router. "But I think no matter it something that a authentication user information systems on the internal network can retrieve, view and change system settings can or router to the default settings can be reset," responds the investigator sarcastically.
No comments:
Post a Comment