
Researcher Find D-Link DWR-932 Router Is 'Chock Full of Holes' (helpnetsecurity.com) 70
Reader JustAnotherOldGuy writes: Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities in the LTE router/portable wireless hotspot D-Link DWR-932. Kim found the latest available firmware has these vulnerabilities: Two backdoor accounts with easy-to-guess passwords that can be used to bypass the HTTP authentication used to manage the router
-A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
- Multiple vulnerabilities in the HTTP daemon
- Hardcoded remote Firmware Over The Air credentials
- Lowered security in Universal Plug and Play, and more.
"At best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor," says Kim, and advises users to stop using the device until adequate fixes are provided.
-A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
- Multiple vulnerabilities in the HTTP daemon
- Hardcoded remote Firmware Over The Air credentials
- Lowered security in Universal Plug and Play, and more.
"At best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor," says Kim, and advises users to stop using the device until adequate fixes are provided.