All D-Link router models DIR-655, DIR-866L, DIR-652 & DHP-1565 are now vulnerable

Pooh
Pooh Member, Beta Tester Posts: 674
500 Likes 500 Comments 25 Answers 100 Agrees
✭✭✭✭✭
in Devices & Security #1
Another day, another CVE. CVE-2019-16920 that effects any of the D-Link routers in the title. If you have any of these then consider your network is now, to all intents and purposes, exposed to the outside world and your router unpatchable.

Tech minded folk might be able to circumnavigate the issue on the DIR-866L or DHP-1565 by flashing DD-WRT. Everyone else? Buy a replacement router ASAP.

D-Link have confirmed that they will not be fixing this as they consider these models as "End-of-life". 



People say nothing is impossible, but I do nothing every day.
VioletChepilRobin_Ex_FingkltaylorMarc

Comments

  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    #2
    Ouch!  Thanks for the info @Pooh.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    VioletChepil
  • Marc
    Marc Moderator, Beta Tester Posts: 3,192
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭
    #3
    This always gets me thinking how old is too old.  One of the routers affected, the DIR-615 was introduced in 2009, 10 years ago....  Computer kit is not like a toaster where it either works or it doesn't.  There are nuances to it like software/firmware where though the functionality as originally designed still functions, external factors like standards changing and attack vectors create a situation where it's just not feasible to keep it on the air.  And of course there is no economical incentive for the company that makes them to keep upgrading the firmware.  Too bad DD-WRT isn't available for a larger swath of hardware.
    Thats Daphnee, she's a good dog...
    PoohVioletChepil

Categories