The sad thing is that it's not really impressive work. And I don't say that to discredit the author, but to discredit D-Link, because the bugs found are really security 101 kinda stuff we really should not be seeing anymore.
Most home networking gear I've come across is basically MVP (minimum viable product) only. I've managed to trivially bypass quite a few by using common techniques in whitepapers/research docs (hardcoded admin passwords stored in plaintext, looking for open ports, etc.).
Sadly, none of this is going to change in the foreseeable future.
Ah, cheap shit, programmed terribly. There should be legislation saying anything you plug permanently into your internet connection should be secure, and anyone caught being part of a botnet because they're using known "bad" hardware will be fined. And just add to this blacklist "anything made by D-Link". That will get them to fix their shit.
We already have laws on the books for vandalization and sabotage. We also have that horrific law that criminalizes EULAs and "Authorized Access". Why aren't they being used against these companies that make easy-to-remote-pwn gear? It's readily evident that it's not the end-user's actions that cause these forms of vandalization and digital assault.
I'd much prefer enforcing laws, rather than making new ones we hardware creators have to parse and understand.
(Like, how does this affect open source hardware? Some of my side projects are put online. I know a few implementations in the wild already.)