DLINK

D-Link has begun to push out firmware updates for some of its home routers, to address three separate vulnerabilities that could allow remote code injection via access to the local area network, perform DNS hijacking, or exploit chipset utilities in the router firmware that expose configuration information.

The company said in an advisory that it will release several updates between now and March 10. The most critical flaw is a “ping” issue, which opens the door for all kinds of nefarious activity, according to the researchers that first discovered it.

At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered.

Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. 

The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE, he noted for Computerworld.

A new spate of vulnerabilities have been found in a D-Link router, a security researcher said Monday.

The D-Link 2760N, also known as the D-Link DSL-2760U-BN, is susceptible to several cross-site scripting (XSS) bugs through its Web interface, reported ThreatPost.

A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device's settings, a serious security problem that could be used for surveillance.

Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability. Heffner wrote on his blog that the web interface for some D-Link routers could be accessed if a browser's user agent string is set to "xmlset_roodkcableoj28840ybtide."