Just when one of the models of D-Link router was being praised as an ‘extremely fast router’, another model was causing serious security threats, as reported by ThreatPost, an independent news site developed by the Kaspersky Lab. This particular model of D-Link Router is vulnerable to Cross-Site scripting.
According to the security researcher of this website, a whole new bunch of vulnerabilities have been found in the D-Link router. This alleged D-Link router is known as 2760N or more precisely as DSL-2760U-BN. This router is said to be vulnerable to a number of cross-site scripting (XSS) bugs through its Web interface. As per the report by ThreatPost,
“…the 2760N router’s XSS bugs exist in the NTS settings, parental control, URL filtering, NAT port triggering, IP filtering, interface grouping, simple network managing protocol, incoming IP filter, policy routing, printer server, SAMBA configuration, and Wi-Fi SSID Web interfaces respectively.”
This is certainly a serious security breach to the users’ systems. ThreatPost’s researcher, Liad Mizrachi, mentioned that he contacted D-Link regarding the bugs at several occasions (in August, September, and October); however he hasn’t received any response from the makers of the router yet. Mizrachi has taken the issue to full disclosure that reveals 15 XSS issues found in various sections of the user interface of 2760N.
The D-Link router 2760N is not the only one that surfaced with the backdoor bug problem. The report gathered more information regarding the other routers with threatening backdoor bugs such as DIR-100, DI-524UP, DIR-120, DI-604S, DI-604+, DI-604UP, TM-G5240 and DI-624S. In the beginning of this year, Jacob Holcomb, a security researcher uncovered far-flung vulnerabilities in several popular routers. He told CNET,
“Code written for these devices continues to provide inadequate security for today’s digital society, and manufacturers should be held accountable for the implementation of code that intentionally circumvents security,”
He also mentioned that the backdoor bug didn’t come as a surprise to him. In his opinion, manufacturers will certainly do more work to fix security problems when they are found in embedded devices like routers and cameras. As of now, let’s wait and watch for the response from D-Link at least!