
>are password-protected with a hardcoded password.

This is pretty scary stuff. I suspect D-Link just resells generic firmwares and adds branding while the real OEM is some no-name Chinese shop that provides everything but the industrial design of the plastic case. With generic OEMs like these you can't burn your key into the hardware, so you more or less have to do non-key passwords, which, as the article shows, are trivially cracked on modern equipment.

I think it's safe to say budget brands are usually a security risk. They just don't have the funding to actually take security seriously, even if the engineers have the political will to do so.

This is also the same D-Link that was sued by the FTC for its poorly secured cameras, which I believe were also a rebranding of a no-name OEM product.

https://www.ftc.gov/news-events/press-releases/2017/01/ftc-c...

I find that while Netgear, Cisco small business, and Linksys aren't perfect, they are miles ahead of D-Link, Belkin, and other budget brands for home use and really don't cost all that much more. I'm pleasantly surprised to see how often my Netgear gets security updates, and the Linksys/Cisco small business line is wonderful for the price.

That said, most consumers will be on the receiving end of an ISP-provided router. I suspect a good chunk of these things aren't actually internet facing; they're behind the ISP router and working as an access point, but typically consumers won't or can't put them in access point mode. I think there's a lot of dumb luck in home networking that ironically keeps people secure, because if they knew how to put the ISP router/modem into gateway mode they'd be in a lot more trouble once their D-Links and Belkins are internet facing.



