Security researchers at Palo Alto Networks have published a blog post detailing six new vulnerabilities in the D-Link DIR-865L home router.
While the model is old and no longer supported, it may still be used in many homes around the country, including among some of the numerous people who have been working from home during the pandemic. What’s more, the researchers believe some of these flaws may affect later products based on a similar code base.
The researchers note that with so many enterprise workers currently operating from home, cybercriminals have considerable reason to attack home networks. They explain how the various vulnerabilities when applied in combination could allow an attacker to delete or exfiltrate data, , execute arbitrary commands, upload malware or harvest user credentials. While they indicate that such attacks are easier to accomplish if the router uses HTTP, they are even possible with HTTPS given a sufficiently able hacker.
The researchers recommend updating the firmware, switching the router to use HTTPS to make session hijacking harder, and changing the router’s time zone to prevent attackers from recalculating the supposedly random session ID. They also discourage using the router to share important information until the device is patched.
In an announcement, D-Link pointed out that this particular model reached its end-of-support date over four years ago and recommends retiring and replacing such devices. Nevertheless, it has investigated the reports from the Palo Alto researchers and released a patched firmware for the router, which can be found alongside the announcement here. While the company emphasises that anyone continuing to use this router does so at their own risk, they recommend manually applying the new firmware in such cases.
Home routers have often plagued the industry because they are typically not as well maintained or as up to date as enterprise devices. Speaking to SC Media UK, privacy advocate Paul Bischoff said about this:
“Home wi-fi routers are typically retail purchases and users usually don't need to register any sort of account to use them, so manufacturers have no way to directly contact users and inform them of issues. Most consumers probably don't even know their router model or how to run firmware updates. Many older routers don't have an automatic update feature, and at least one reviewer noted that the DIR-865L automatic update function didn’t work. Routers often sit untouched after initial setup and can go years without any sort of attention from users so long as they connect to the internet.”
Home devices can present a minefield for corporate cybersecurity because these devices are inevitably outside the control of your network IT support. At Pro-Networks, we can work with you to develop a cybersecurity strategy that will minimise your exposure to risks, including the potential threat from compromised home devices. We can also provide cybersecurity training, so your staff will better understand how to keep their own devices and networks free from intruders and unwanted malware.