[SingCERT] Advisory on Multiple Security Vulnerabilities Affecting D-Link DIR-800 Series Routers
Published on Saturday, 30 September 2017 15:13
Joint Advisory by Cyber Security Agency of Singapore and Infocomm Media Development Authority
D-Link has released firmware updates for DIR-850L and DIR-890L routers.
Affected users are advised to visit D-Link’s support page (http://www.dlink.com.sg/dlink_support) and click on ‘Security Advisory’ to access the update.
StarHub customers issued with the affected routers should also visit the same webpage and click on ‘StarHub’ for instructions.
Users of the other affected D-Link routers (DIR-885L and DIR-895L) should check the above website regularly for the upcoming release of firmware updates for these models.
On 8th and 12th September 2017, security researchers publicly disclosed details of multiple vulnerabilities affecting D-Link DIR-800 series of routers.
- D-Link DIR-850L
- D-Link DIR-885L
- D-Link DIR-890L
- D-Link DIR-895L
Routers can be compromised to install malicious firmware, as well as compromise user’s information.
D-Link has issued an advisory on their website (http://www.dlink.com.sg/securityadvisory/). They are aware of the issue and will be issuing a patch. Affected users are advised to refer to D-Link support page for updates and the appropriate firmware version for your model to apply when released.
Until a firmware update is available, users should take the following steps in the meantime to minimise the risk of your router being compromised.
- Disable remote management
- Use strong passwords for your WIFI to reduce the risk of unauthorised access to your network.
Users should also consider disabling the router’s SharePort feature.
Instructions on how to do so can be found in each router's manual at the following links: