14 DAY TRIAL // One would think that D-Link, like any other company, would strive to meet its customers with good news on Monday morning, or no news at all, but alas this is not what happened today.
What the company was forced to face was a situation of perilous virtual data protection. Which is to say, flaws in the way routers keep data safe.
It turns out that a number of D-Link routers have been discovered to possess a critical security vulnerability.
Said flaw can allow ill-meaning users to access the configuration page of the router without needing the username and password. That's basically the same thing as having unrestricted access to your router.
Hackers can set the user-agent on their browser to a specific string. That string can skip all authentication processes and log users into the router directly.
Obviously, no one likes to hear that their nice and fast wireless network/Internet providers can be so easily compromised.
It's a small blessing that hackers need to be directly connected to the router by Ethernet or Wi-Fi in order for the exploit to work.
Alas, even this limitation doesn't always apply. According to the ones that discovered the problem, the exploit can be performed from anywhere if the router's configuration page is publicly accessible.
Affected D-Link model numbers include DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240. No protection exists for now, although D-Link will work on fixing the problem at a firmware level. Firmware version 1.13 is known to be problematic and, presumably, all previous ones too.
That's actually how the vulnerability was discovered: by reverse engineering a firmware update offered by D-Link.
Fortunately, even if you do own one of these things, you don't need to have a heart attack. Plenty of people own one, and if you don't have any genius enemies, there shouldn't be any problems.