STE WILLIAMS

If you’ve got a D-Link DWR-932 B LTE router, you might want to fire it into the sun – or hope that a firmware upgrade lands soon.

Following the consumer broadband industry’s consistently lackadaisical attitude to security, the device suffers from everything from backdoor accounts to default credentials, leaky credentials, firmware upgrade vulns and insecure UPnP.

Pierre Kim outlines the litany of SOHOpelessness here, noting that many of the vulns are inherited from the Quanta LTE device that forms the basis of the badge-engineered marvel.

The messes Kim found include:

There’s more, but the killer Kim points out is that the router has a big processor and lots of memory, and is so badly secured it would be trivial to recruit it into a botnet.

Kim says he contacted D-Link in June, and with no update forthcoming, he says he obtained CERT’s advice to publish the vulns. ®

Sponsored:
IBM FlashSystem V9000 product guide

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2016/09/29/dlink_dwr932_b_owner_trash_it_says_security_bughunter/