News D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week

Seems home consumers are just finding out about this and are surprised what end of life means. I remember Cisco lifetime warranty on switches, which really means until they decide to declare it dead.

Large enterprise equipment has had this issue for as long as I can remember. But like these D-Link routers they are basically e-waste. Who is really going to be running a router with 100mbps ports nowadays? Commercial equipment is generally replaced long before it hits end of life. Most companies dump it not long after it hits end of support.

At least they still function even with the hacking risk. There are many devices that will not function without some subscription and the company decides to no longer support it.
 
Show them a middle finger, spread the news of the shameless practice and never buy their products again.
If a product is EOL, support stops. If the product still receives patches, then it is not EOL. You cannot have EOL and still receive support, it's that simple. About time a company sticks to it.
 

OpenWrt

(or similar open-source ones)

Honestly, more people need to encourage using no-longer-supported routers w/ open-source stuff, as it's a waste to not use 'em just because the official maker stops supporting 'em when they function perfectly fine.
Most routers with Broadcom processors simply cannot use anything of the sort due to no drivers and modern equipment has shaky support in general. If someone cares about security without big cost they should be running a minipc with pfsense/opnsense and keep wireless behind that.
 
Show them a middle finger, spread the news of the shameless practice and never buy their products again.
You would be doing yourself a favour by retiring decade-old 100mbit routers; you would probably save money over time energy-wise because of the faster network speeds you would be getting.
 
Well, that's understandable from their point of view. I buy MikroTik hardware. It comes from Latvia, so it has EU-oriented privacy inscribed. It does not look so groovy like Asus, D-Link, has no fancy antennas but it goes over any OpenWrt or proprietary solutions I've seen so far.
 
Well, that's understandable from their point of view. I buy MikroTik hardware. It comes from Latvia, so it has EU-oriented privacy inscribed. It does not look so groovy like Asus, D-Link, has no fancy antennas but it goes over any OpenWrt or proprietary solutions I've seen so far.
Would they continue to support 15-year-old hardware, long out of warranty, with new software/firmware updates?
That is the issue here with D-Link.
 
D-Link says it will not fix security flaw found in routers due to end-of-life concerns and instead suggests users buy new routers. This comes on the heels of the company refusing to fix a security flaw in NAS devices just last week.

Years ago when most of these exploits came to owners' attention. "Not by D-Link" I did my research and bought an ASUS Router/Switch to replace my D-Link router. I highly recommend to everyone to remove your D-Link equipment and throw it away. Destroy it. Then install a new router. I can recommend an ASUS router based on my research. Since I found that I became a target of several hackers, at which time I disabled my Wireless function of my router. I was able to thwart the hackers with an OpenSSL 2048-bit encrypted string generated on a Linux computer. The encryption string was again encrypted and placed in an unmounted partition. From there I could mount the partition, decrypt the OpenSSL 2048-bit encrypted string, then copy/paste into my encrypted string, unavailable to everyone except my own machine as root user. I had no idea how many people waste their time hacking into wireless routers. They form clubs and rank wireless routers that are difficult to hack, then have club members take chances at hacking into your wireless router. Even an unadvertised router is no big deal to these hackers. Looking into the wireless router logs I get to see which MAC addresses are unsuccessfully attempting to hack into my router. Because ASUS build their router under Linux, I am able to run a script on the logs, then enter those MAC addresses into my deny lists. This finally reduces my router being hacked to just a once a month issue. You can do this or simply unplug your router and computer when you are away from your environment, unless you are running large repair jobs remotely. I do a lot of file, partition and disk repairs remotely.
 
Years ago when most of these exploits came to owners' attention. "Not by D-Link" I did my research and bought an ASUS Router/Switch to replace my D-Link router. I highly recommend to everyone to remove your D-Link equipment and throw it away. Destroy it. Then install a new router. I can recommend an ASUS router based on my research. Since I found that I became a target of several hackers, at which time I disabled my Wireless function of my router. I was able to thwart the hackers with an OpenSSL 2048-bit encrypted string generated on a Linux computer. The encryption string was again encrypted and placed in an unmounted partition. From there I could mount the partition, decrypt the OpenSSL 2048-bit encrypted string, then copy/paste into my encrypted string, unavailable to everyone except my own machine as root user. I had no idea how many people waste their time hacking into wireless routers. They form clubs and rank wireless routers that are difficult to hack, then have club members take chances at hacking into your wireless router. Even an unadvertised router is no big deal to these hackers. Looking into the wireless router logs I get to see which MAC addresses are unsuccessfully attempting to hack into my router. Because ASUS build their router under Linux, I am able to run a script on the logs, then enter those MAC addresses into my deny lists. This finally reduces my router being hacked to just a once a month issue. You can do this or simply unplug your router and computer when you are away from your environment, unless you are running large repair jobs remotely. I do a lot of file, partition and disk repairs remotely.
Or just stop using routers and buy a mini-PC with lots of 1/2.5/5/10G ports, fast multi-core CPU, low-cost memory, low-cost SSD storage, OPNsense/AdGuard/Unbound DNS, plugins galore to secure and enhance your system, and a quality AP for wifi, and I bet the price would be close to a crappy mid-range consumer router but less than the top-of-the-range all-flash-and-no-substance models, and best of all, you're not locked out by the manufacturer!
 
2 are very old.
4 were being sold less than 4 years ago:
2020 - https://firewallguide.com/firewall/wired-router/d-link-dsr-250-8-port-gigabit-vpn-router-review/
2021 - https://firewallguide.com/firewall/wired-router/

If you are buying business class hardware, 4 year lifetime is too short.
Two of those 4 were 100mb routers which should have been a giant warning sign in 2020. As for the two 1gb models: the wireless one only has N and both have USB 2.0 ports as the giant warning sign for how old they really are hardware wise. While they may have still been supported (and sold in some areas) they go back to 2012.
 
Most routers with Broadcom processors simply cannot use anything of the sort due to no drivers and modern equipment has shaky support in general. If someone cares about security without big cost they should be running a minipc with pfsense/opnsense and keep wireless behind that.
?? Depends on which generation. Firmware distros like Tomato and DD-WRT, support several Broadcom chipsets. I'm running one right now, tho' it's Wifi5, a Nighthawk R6700, and not my only router.
 
Although I really know better than to respond to an old post I just can't resist. The problem with third party firmware is the firmware that is loaded into the wifi chipset is not being updated. It is kinda like not being able to get a device driver for some more common device. The issue would be if there is a security issue in the wifi firmware. None of this is open source. Pretty close to 100% of the wifi function is in the binary firmware you load to the wifi chipset. So if for example there is some issue with the encryption there is no way to fix it. The menus and the user interface that allows you to interface with the wifi chips is in the open source firmware but you can not change the commands that the wifi chipset accepts from the main router OS.
 
You answered your own question since that's a decade old router.
? I never had a question. Yes, it's acceptable to get a widely supported router that works well, rather than paying a premium for the latest thing, if you aren't going to replace all your wifi clients to get the latest standards for them too, and connect them all simultaneously, to get benefit from wifi6+

Older with DD-WRT, is better than newer without for Some Purposes.

Even with stock firmware, Techspot still picked it as one of the best of 2022:

 
Although I really know better than to respond to an old post I just can't resist. The problem with third party firmware is the firmware that is loaded into the wifi chipset is not being updated. It is kinda like not being able to get a device driver for some more common device. The issue would be if there is a security issue in the wifi firmware. None of this is open source. Pretty close to 100% of the wifi function is in the binary firmware you load to the wifi chipset. So if for example there is some issue with the encryption there is no way to fix it. The menus and the user interface that allows you to interface with the wifi chips is in the open source firmware but you can not change the commands that the wifi chipset accepts from the main router OS.
Is this a real problem or only hypothetical, because at least for DD-WRT, I have not heard of any such vulnerabilities that would need a new wifi firmware.
Although I really know better than to respond to an old post I just can't resist. The problem with third party firmware is the firmware that is loaded into the wifi chipset is not being updated. It is kinda like not being able to get a device driver for some more common device. The issue would be if there is a security issue in the wifi firmware. None of this is open source. Pretty close to 100% of the wifi function is in the binary firmware you load to the wifi chipset. So if for example there is some issue with the encryption there is no way to fix it. The menus and the user interface that allows you to interface with the wifi chips is in the open source firmware but you can not change the commands that the wifi chipset accepts from the main router OS.
While I recognize the point that you are making, how does that really affect users?

I just don't see anyone reporting that they were hacked because of this. It is far more common that they are hacked because of (okay, let's get real, it's mostly someone who didn't even bother to change the default password, lol), some core OS flaw, but that with the manufacturer firmware, not the 3rd party, at least not in recent years after they were further developed.

In that case, the 3rd party firmwares are more often than not, open source and peer reviewed, by peers that are geeks about the details, far more than the average person just buying some router and pretending that they are secure if they merely update the firmware when a new FW is available.

More to the point, I'm just not seeing the reports that this is a real issue in the wild, that it really doesn't have anything to do with the wifi chipset firmware because the hack needs to get to that level for it to matter, which is a hole in the whole router firmware, not just the wifi firmware.

I disagree about the idea of encryption. That is not about wifi chipset code but rather the main router firmware which is often open source and peer tested and reviewed.

I also disagree about "you can not change the commands". Why would you? You don't need to change them, just keep them outside external control. That is still a router OS security issue.
 
? I never had a question.
You started your post with question marks which implies questioning.
Yes, it's acceptable to get a widely supported router that works well, rather than paying a premium for the latest thing, if you aren't going to replace all your wifi clients to get the latest standards for them too, and connect them all simultaneously, to get benefit from wifi6+
Going to have to agree to disagree on that one. Buying very outdated consumer hardware is a waste of money for general use. Keeping something going/replacing firmware is a great option but that doesn't make a device worth getting now.

There are plenty of hardware upgrades that happen along the way with the SoCs driving devices. Wi-Fi 6 has been fairly standard in phones for 3+ years and computers 4+ so chances are relatively high of having devices or soon to have.
Older with DD-WRT, is better than newer without for Some Purposes.
Agreed, but at that point we're talking specific usage which is a minority use case.
 
I disagree about the idea of encryption. That is not about wifi chipset code but rather the main router firmware which is often open source and peer tested and reviewed.
I suspect you never have actually looked at the source code for third party firmware or attempted to make any changes yourself. I was extremely disappointed many years ago when all I wanted to do was add a counter that showed how many packets were being retransmitted.

All the encryption as well as any kind of negotiation with the client machines is inside the wifi chipset. None of this is in the main router firmware.

One of the key "bugs" in early wifi chipsets was related to WPS. WPS is something that should have been removed completely but the so-called "smart" devices need it. What would happen is you could click the box to disable the WPS function but the router OS would then send a command to the wifi chipset to disable the WPS feature. What actually happened was the WPS physical button was disabled but a device could still use the WPS code to get in. The WPS code is easily cracked by even a cellphone and can never be changed. Again a wifi chipset feature; if it was in the router OS you could change the WPS code. They fixed this so you can now really disable WPS. Most wifi chipsets still do not allow you to change the WPS code.
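
The failure mode described in the post above (WPS switched off in the router UI while the radio still offers it) can be checked from a client by looking for the WPS element in the access point's beacons. This is an added example, not part of the original post; it assumes the text layout printed by `iw dev <iface> scan`, and the sample scan, BSSIDs and SSIDs are constructed.

```python
import re

# Constructed sample in the layout printed by `iw dev <iface> scan`
# (not captured from a real network; BSSIDs and SSIDs are made up).
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tSSID: home-main
\tRSN:\t * Version: 1
BSS 02:00:00:aa:bb:02(on wlan0)
\tSSID: home-legacy
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * Config methods: Label, Display
BSS 02:00:00:aa:bb:03(on wlan0)
\tSSID: home-guest
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})", re.I)

def parse_scan(text):
    """Split scan output into one record per BSS with its SSID and WPS fields."""
    aps, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": "", "wps": False, "locked": False}
            aps.append(cur)
        elif cur is not None:
            s = line.strip()
            if s.startswith("SSID:"):
                cur["ssid"] = s[5:].strip()
            elif s.startswith("WPS:"):
                cur["wps"] = True          # beacon carries a WPS information element
            elif s.startswith("* AP setup locked:"):
                cur["locked"] = s.split(":", 1)[1].strip() == "0x01"
    return aps

def wps_still_advertised(text, my_bssids):
    """Return own APs that still carry a WPS element although WPS was turned off in the UI."""
    mine = {b.lower() for b in my_bssids}
    return [ap for ap in parse_scan(text) if ap["bssid"] in mine and ap["wps"]]

if __name__ == "__main__":
    own = ["02:00:00:AA:BB:01", "02:00:00:aa:bb:02", "02:00:00:aa:bb:03"]
    for ap in wps_still_advertised(SAMPLE_SCAN, own):
        state = "PIN setup locked" if ap["locked"] else "PIN setup open"
        print(f"{ap['bssid']} {ap['ssid']}: WPS still advertised ({state})")
```

An access point that shows up here after WPS was disabled in its settings has not applied the setting at the radio. A missing WPS element only shows the AP no longer advertises it, so treat a clean result as a first check rather than proof.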
 
Well if you install OpenWRT on your Broadcom device then the radios won't work anyway, or at best will work at 802.11g speeds because that's the last time they had open-source drivers. That could be a plus if the device is EOL so there are no newer proprietary radio drivers to fix security flaws anyway.

You get the latest kernel (as opposed to FreshTomato which uses the same 20 year old kernel the device originally shipped with, or DD-WRT which is 4.x or 5.x depending on platform) and all of the preinstalled packages for wired routing are completely up-to-date. It has a robust package manager so you could download and install the latest Samba or Bandwidth Monitor or whatever software package you'd like (it doesn't come with any of those nonessential packages and the SNAPSHOT builds don't even come with a GUI so the attack surface is as low as it can get)