TechRadar
Sead Fadilpašić

D-Link says it won't patch 60,000 older modems, as they're not worth saving

  • Security researchers find critical flaws in modems reaching End of Life
  • D-Link says it won't patch them, and recommends upgrading the hardware
  • There are some 60,000 vulnerable devices out there

Older D-Link routers are potentially vulnerable to more than one critical security issue which could allow threat actors to take over the devices. However, since they have reached end-of-life status (EoL), the company says it will not be releasing any patches, and advises users to replace the endpoints with newer models.

The news comes shortly after we reported that multiple D-Link NAS endpoints were found vulnerable to CVE-2024-10914, a command injection flaw with a 9.2 severity score. The company again said it wouldn't be issuing a fix, since the affected devices have all reached EoL.

Now, security researcher Chaio-Lin Yu (Steven Meow) found three bugs plaguing the D-Link DSL6740C modem. One is tracked as CVE-2024-11068, has a severity score of 9.8, and allows threat actors to change passwords through privileged API access. The other two, CVE-2024-11067 and CVE-2024-11066, are a path traversal flaw and a remote code execution (RCE) flaw, with 7.5 and 7.2 scores, respectively.

Tens of thousands of vulnerable endpoints

Roughly 60,000 vulnerable devices are currently connected to the internet, the majority being located in Taiwan. The model isn’t even available in the US, BleepingComputer states, since it reached EoL almost a year ago. With that in mind, D-Link said it wouldn’t be addressing the flaw, and suggests "retiring and replacing D-Link devices that have reached EOL/EOS."

The same model is also vulnerable to four additional high-severity command injection flaws, the publication states, citing information from Taiwan's computer emergency response team (TWCERT/CC). These flaws are tracked as CVE-2024-11062, CVE-2024-11063, CVE-2024-11064, and CVE-2024-11065.

Users who are unable to replace their routers at the moment are advised to at least restrict remote access, and set secure access passwords, to minimize the chance of compromise. This would be a wise move since routers are one of the most targeted endpoints out there.
