[SingCERT] Advisory on Multiple Security Vulnerabilities Affecting D-Link DIR-800 Series Routers

**Update**

D-Link has released firmware updates for DIR-850L and DIR-890L routers.

Affected users are advised to visit D-Link’s support page (http://www.dlink.com.sg/dlink_support) and click on ‘Security Advisory’ to access the update.

StarHub customers issued with the affected routers should also visit the same webpage and click on ‘StarHub’ for instructions.

Users of the other affected D-Link routers (DIR-885L and DIR-895L) should check the above website regularly for the upcoming release of firmware updates for these models.

• D-Link DIR-850L
• D-Link DIR-885L
• D-Link DIR-890L
• D-Link DIR-895L

Routers can be compromised to install malicious firmware, as well as compromise user’s information.

Recommendations

D-Link has issued an advisory on their website (http://www.dlink.com.sg/securityadvisory/). They are aware of the issue and will be issuing a patch. Affected users are advised to refer to D-Link support page for updates and the appropriate firmware version for your model to apply when released.

Workarounds

Until a firmware update is available, users should take the following steps in the meantime to minimise the risk of your router being compromised.

• Disable remote management
• Use strong passwords for your WIFI to reduce the risk of unauthorised access to your network.

• DIR-850L (Revision A firmware): ftp://ftp2.dlink.com/PRODUCTS/DIR-850L/REVA/DIR-850L_MANUAL_1.00_EN.PDF
• DIR-850L (Revision B firmware): ftp://ftp2.dlink.com/PRODUCTS/DIR-850L/REVB/DIR-850L_REVB_MANUAL_2.00_EN_US.PDF
• DIR-885L: ftp://ftp.dlink.ca/PRODUCTS/DIR-885L/DIR-885L_REVA_MANUAL_1.00_EN.PDF
• DIR-890L: ftp://ftp2.dlink.com/PRODUCTS/DIR-890L/REVA/DIR-890L_REVA_MANUAL_1.00_EN_US.PDF
• DIR-895L: http://global.dlink.com.sg/site_support/DIR-895L/Manual/DIR-895L_A1_Manual_v1.pdf