The security holes have been identified by Italian researcher Roberto Paleari

Aug 6, 2013 10:39 GMT

D-Link has released version 1.04 of the firmware for DIR-645 routers. The update addresses a series of vulnerabilities identified and reported by Italian security researcher Roberto Paleari.

The expert has found that D-Link DIR-645 routers running firmware version 1.03B08, and possibly other models, are plagued by remotely exploitable buffer overflow flaws in “post_login.xml,” “hedwig.cgi” and “authentication.cgi.”

Paleari has also discovered cross-site scripting issues in “bind.php,” “info.php” and “bsc_sms_send.php.”

This is not the first time Roberto Paleari has found security holes in D-Link DIR-645 routers.

Back in March, the company released version 1.03 of the firmware to address security holes in the device’s web interface that could have been exploited by hackers to gain access to sensitive configuration information and even admin passwords.

At the time, experts highlighted the fact that D-Link didn’t provide the firmware updates to all its users. In addition, the change log on the company’s website didn’t mention anything about security fixes, which could have led many customers to believe that the update wasn’t important.

This time, D-Link has disclosed all the improvements made in the new firmware, including the ones related to the older issues found by Paleari.
