Another Dlink problem

Posted: Mon Jun 29, 2020 10:57 am
by Maxburn
I have a list of networking kit to never buy. People ask me why and I just tell them to google the vendor name and hit news; it's not hard to find stuff like this. Heard on Risky Biz that the guy that found this wanted a little vacation from regular work and, looking for an easy target, turned to Dlink to find this. Seems I'm not the only one with such a low opinion of them.

https://www.reddit.com/r/netsec/comment ... ncryption/

https://0x00sec.org/t/breaking-the-d-li ... rt-1/21943

Re: Another Dlink problem

Posted: Wed Jul 01, 2020 10:21 pm
by orion242
Netgear had a wad of CVEs last month.

Frankly I just shake my head when I see this SOHO gear on a system. Don't use that trash at home, sure wouldn't on a site.

Re: Another Dlink problem

Posted: Mon Jul 06, 2020 2:20 pm
by Maxburn
I guess this is an area where the free market took advantage of everyone? This kit is all pretty cheap and sells everywhere. By the way I never posted the list.

Belkin
Linksys
Dlink
TrendNET
Asus
TP link
Archer
Cisco - So many hard coded passwords, switches default LAN broadcasts off (WTF), no firmware downloads if no support $$.

So many good and free DIY router solutions, couple even fix the above. https://teklager.se/en/best-free-linux- ... ware-2019/

Re: Another Dlink problem

Posted: Wed Jul 08, 2020 11:25 am
by Maxburn
More news
https://view.email.sans.org/?qs=5afb8bf ... 6995dcb3ef
Home Router Study Finds “Alarming” Security Issues
(July 6, 2020)

A study of 127 home routers from seven manufacturers found numerous security issues. The Fraunhofer Institute for Communication (FKIE) in Germany looked at each router’s most current firmware, focusing on five security aspects: when the firmware was last updated; which operating systems are used and how many known flaws they have; what exploit mitigation techniques the vendors use; whether the firmware images contain private cryptographic key material; and whether there are any hard-coded login credentials. Among the report’s findings: 46 of the routers had not had a security update in the past year; some vendors ship firmware updates that contain known vulnerabilities, and just one of the seven vendors did not publish private cryptographic keys in its firmware.

Read more in:
- www.fkie.fraunhofer.de: Home Router Security Report 2020 (PDF)
- www.zdnet.com: Home router warning: They're riddled with known flaws and run ancient, unpatched Linux
https://www.fkie.fraunhofer.de/content/ ... ericht.pdf

That PDF is worth a scroll through.

Adding Zyxel to my list, never seen one though.