Singapore's Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA) have jointly issued an advisory after several D-Link routers in the country were found to have security flaws.
The vulnerabilities, which have been found in D-Link's DIR-800 series routers, were initially discovered and published by security researchers on September 8 and 12, stated the joint advisory, which was released on September 15. As per the advisory, the affected products of D-Link were DIR-850L, DIR-885L, DIR-890L and DIR-895L.
"Routers can be compromised to install malicious firmware, as well as compromise users' information," mentioned the advisory. CSA also added that so far, it hasn't received any request from the customers for any kind of assistance.
As reported by Channel NewsAsia, Nanyang Polytechnic's Tin Aung Win told the publication that the vulnerability is present in the Web application that allows users to configure their passwords, specifically in case of the DIR-850L router. By exploiting the law, hackers can take control of users' routers without having to know their user ID or password, explained Tin Aung win.
D-Link has also issued an advisory on its website responding to the joint advisory. The company stated that it will issue a firmware update on September 19.
"Product security and customer privacy are important concerns to D-Link. D-Link has a task force and product management team 'on call' to provide immediate attention to address evolving security issues and implement appropriate security measures," said D-Link.
However, the Taiwanese-based company's statement did not mention the vulnerabilities of the other routers that were mentioned by CSA and IMDA.
Until a firmware update is made available, affected consumers should disable remote management and use strong passwords for their wifi and disable the router's SharePort feature in order to minimise the risk of their device being compromised, said the advisory published by CSA and IMDA.