Another Dlink problem

Controls related news and things happening that might impact the world of controls.
Post Reply
User avatar
Maxburn
Posts: 97
Joined: Wed Mar 04, 2020 12:51 am

Another Dlink problem

Post by Maxburn »

I have a list of networking kit to never buy. People ask me why and I just tell them to google the vendor name and hit news, it's not hard to find stuff like this. Heard on Risky Biz that the guy that found this wanted a little vacation from regular work and looking for an easy target turned to Dlink to find this. Seems I'm not the only one with such a low opinion of them.

https://www.reddit.com/r/netsec/comment ... ncryption/

https://0x00sec.org/t/breaking-the-d-li ... rt-1/21943
User avatar
orion242
Posts: 223
Joined: Fri Feb 21, 2020 12:55 am
Location: New England
Contact:

Re: Another Dlink problem

Post by orion242 »

Netgear had a wad of CVEs last month.

Frankly I just shake my head when I see this SOHO gear on a system. Don't use that trash at home, sure wouldn't on a site.
User avatar
Maxburn
Posts: 97
Joined: Wed Mar 04, 2020 12:51 am

Re: Another Dlink problem

Post by Maxburn »

I guess this is an area where the free market took advantage of everyone? This kit is all pretty cheap and sells everywhere. By the way I never posted the list.

Belkin
Linksys
Dlink
TrendNET
Asus
TP link
Archer
Cisco - So many hard coded passwords, switches default LAN broadcasts off (WTF), no firmware downloads if no support $$.

So many good and free DIY router solutions, couple even fix the above. https://teklager.se/en/best-free-linux- ... ware-2019/
User avatar
Maxburn
Posts: 97
Joined: Wed Mar 04, 2020 12:51 am

Re: Another Dlink problem

Post by Maxburn »

More news
https://view.email.sans.org/?qs=5afb8bf ... 6995dcb3ef
Home Router Study Finds “Alarming” Security Issues
(July 6, 2020)

A study of 127 home routers from seven manufacturers found numerous security issues. The Fraunhofer Institute for Communication (FKIE) in Germany looked at each router’s most current firmware, focusing on five security aspects: when the firmware was last updated; which operating systems are used and how many known flaws they have; what exploit mitigation techniques the vendors use; whether the firmware images contain private cryptographic key material; and whether there are any hard-coded login credentials. Among the report’s findings: 46 of the routers had not had a security update in the past year; some vendors ship firmware updates that contain known vulnerabilities, and just one of the seven vendors did not publish private cryptographic keys in its firmware.

Read more in:
- www.fkie.fraunhofer.de: Home Router Security Report 2020 (PDF)
- www.zdnet.com: Home router warning: They're riddled with known flaws and run ancient, unpatched Linux
https://www.fkie.fraunhofer.de/content/ ... ericht.pdf

That PDF is worth a scroll through.

Adding Zyxel to my list, never seen one though.
Post Reply