The change log doesn't mention anything about security fixes

Mar 6, 2013 13:46 GMT

A few days ago, security researcher Roberto Paleari revealed the existence of a vulnerability in the web interface of D-Link DIR-645 routers that could be leveraged to remotely access sensitive information about the device’s configuration, and even administrator passwords.

Paleari explained that D-Link addressed the issue with the 1.03 version of its firmware.

However, The H points out that the update has been made available only on the company’s US website. In addition, the change log doesn’t mention anything about security fixes, so customers might not consider the update an important one.

Experts from heise Security have managed to reproduce the vulnerability and D-Link representatives have confirmed its existence.

Users are advised to update their device’s firmware, even if it’s not accessible from the Internet.

Unfortunately, customers from the UK will either have to install the update made available to US users, which might not be compatible with their region, or wait for the company to release the update on the UK website as well.