Security researcher reveals multiple Web-based security vulnerabilities in the D-Link 2760N.

November 11, 2013 12:54 PM PST

A new spate of vulnerabilities have been found in a D-Link router, a security researcher said Monday.
The D-Link 2760N, also known as the D-Link DSL-2760U-BN, is susceptible to several cross-site scripting (XSS) bugs through its Web interface, reported ThreatPost.

Related stories:
Verizon Wireless nudges into home phone, broadband biz
Get an Apple AirPort Extreme Base Station router for $74.99
XCom hot spot plans now available for U.S. travelers
Wi-Fi routers: More security risks than ever
Sprint to offer three new tri-band hot spots on July 19

Liad Mizrachi, the researcher who discovered the bugs, said he notified D-Link about the bugs in August, September, and October, but D-Link did not respond.
The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI-624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a patch to the backdoor bug.
Jacob Holcomb, a security researcher who uncovered widespread vulnerabilities in popular routers earlier this year, told CNET that he wasn’t surprised by the backdoor bug, and wished that manufacturers would do more to fix security problems when found in embedded devices such as cameras and routers.
“Code written for these devices continues to provide inadequate security for today’s digital society, and manufacturers should be held accountable for the implementation of code that intentionally circumvents security,” he said.
D-Link told CNET that the router is not sold in the US and that the company is working on a solution that will be published on their support site when it’s ready. D-Link did not offer a timeline for when that might be, though.
Updated at 4:45 p.m. on Nov. 12 with comment from D-Link.

Leave a Reply