And I thought Netgear were bad. Good job I didn't switch to D-Link.
Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched. Błażej Adamczyk of the Silesian University of Technology in Poland posted this month to Full Disclosure that he discovered the bugs in May of this year and notified D-Link. Despite …
Wednesday 17th October 2018 09:34 GMT Norman Nescio
Some unpatched models have OpenWrt available
For some of the affected devices, he wrote, there won't be patches. The vulnerable units are all in D-Link's DWR range: the DWR-116, DWR-140, DWR-512, DWR-640, DWR-712, DWR-912, DWR-921, and DWR-111. Most of these, Adamczyk claimed, will be left unpatched because D-Link told him they're end-of-life; only the DWR-116 and 111 would be fixed.
A couple of of the above models without patches have OpenWrt images available for them.
DWR-512 hardware version B - https://openwrt.org/toh/d-link/d-link_dwr-512_b
DWR-921 hardware version C1& C3 - https://openwrt.org/toh/d-link/d-link_dwr-921
and for completeness, one of the to be patched models does too
DWR-116 hardware versions A1 & A2 - https://openwrt.org/toh/d-link/d-link_dwr-116
As ever, OpenWrt might not be appropriate for your needs, but it might get you out of a hole.
Wednesday 17th October 2018 10:22 GMT LeoP
Wednesday 17th October 2018 13:14 GMT Norman Nescio
Re: Some unpatched models have OpenWrt available
>> As ever, OpenWrt might not be appropriate for your needs
>I can't imagine a scenario, where it is less appropriate than a D-Link vondor image.
There can be circumstances where the vendor image is 'better'.
Sometimes OpenWrt only works on specific hardware revisions of the routers, as vendors sometimes change the chips used without changing the model name, and if OpenWrt doesn't have drivers for the new chipset, it won't work. In addition, there are bits of hardware that might not be supported even if the rest of the router works - for example (V)DSL modems or mobile network modems, as again, OpenWRT doesn't have the drivers. Finally, vendors might make use of capabilities that OpenWrt can't (yet) such as hardware offloading for NAT. In the last case, this means a vendor image might have a substantially higher throughput than an OpenWrt image.
This might seem like I have a downer on OpenWrt. I don't, and use it extensively myself on a small flock of carefully chosen routers. But it is as well to be aware of the understandable limitations, as many vendors either won't, or can't (for legal reasons) provide the necessary documentation or drivers to the OpenWrt project for the project to use. A lot of work has to be done by patient reverse-engineering, and I take my hat of to those who do this work. I have nothing but praise for the (mostly) volunteers who do the hard work to provide the OpenWrt images for everyone else to benefit from.
In short, OpenWrt is not a magic panacea for SOHO router woe, but if you know what you are doing, and the limitations are acceptable for your use, it is a very useful tool to have.
Wednesday 17th October 2018 11:31 GMT LDS
It's time to force them to release updates if they want their model approved
AFAIK, all these devices need some form of approval to be used in a given country - it's time to make part of the approval process not only being compatible with relevant standards, but also ensuring updates are released for the useful live of the device - that could be longer than its marketing life.
A company that didn't abide to the rule for older models, should not see any new approval released until it complies - plus fines.
Wednesday 17th October 2018 16:40 GMT redpawn
Wednesday 17th October 2018 22:22 GMT bigtreeman
in the OpenWRT boxen, it's not just security, some other parts just don't work properly.
check all levels of logging, emergency down to debug, you'll find various hiccups
There's big typos in the scripting running these boxes, written by a junior janitor when not emptying garbage bins.
admin shouldn't be 0:0:root (one user only apart from nobody)
remount / rw
change whatever you want
remount / ro
yeah, I've complained to them about the plain text passwords,
mentioned various fixes
it's just a mess
I'll never buy a d-link again
Thursday 18th October 2018 12:09 GMT sitta_europea
I'd use OpenWRT if it didn't hang the wireless connection on my six (ahem) WRT54GS2 routers when you try to use more than about 1Mbit/s. After it hangs, the only way to get a service back is to reboot the router. That can be a bit inconvenient if it's on the other side of the industrial estate. Tomato doesn't do it. The OpenWRT authors know of the problem but refuse to do anything about it, claiming that it's a hardware bug. Sure, it might be, but there are several software workarounds and they're not interested. The correspondence is all published in the mailing list.
IMHO OpenWRT sucks.