The release notes for firmware v1.06 for the DLink DSL-320B-Z1 modem-router mention various scary security vulnerabilities very briefly.
One is the possibility of accessing the device from the WAN side and getting it to respond to DNS queries. That is not good at all. It's bandwidth theft, and it can be used by a malefactor as part of a DDoS amplification against some unfortunate third party.
Another is about getting access to the modem without logging in via the admin HTTP interface first.
Does anyone have any more details about these kinds of vulnerabilities or DLink sins in general?
Is anyone using a DSL-320B-Z1 as a router as opposed to as a plain modem? Please no.
I presume that the latter vulnerability does apply even if you are merely using the device as a straight modem.
The WAN DNS thing presumably makes no sense and so does not apply if you are using the device as a straight modem?
Am I correct in my thinking?
It seems to me that it is worth upgrading to firmware v1.06 because of the LAN-side login bypass vulnerability.
A while back, I posted something recommending an Apple iOS app called something like Network-toolbox by Marcus Roskosch (see https://forum.kitz.co.uk/index.php/topic,19269.msg341879.html#msg341879). This app has a security test function in it that will check lots of router models for half a dozen well-known vulnerabilities. DLink devices are included specifically and so I am very much hoping that this particular vulnerability is detected. Stupidly I only remembered about the tool after I had upgraded the firmware on all three of my modems. I will have to dig another modem out from the spares box before I can check that the tool succeeds in red flagging this particular problem in firmware release ≤ v1.05.
You might want to check your router or modem out using this tool, regardless of model.
Does anyone know of any similar security checkup tools?
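
A minimal self-check for the WAN-side DNS issue mentioned at the top of this post, as an added example that is not part of the original post and is not D-Link or Network Toolbox code: it sends one recursive query to your own WAN address and classifies the reply. The function names, the `example.com` test name and the sample reply bytes are constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(query, reply):
    """Decide what a UDP reply says about the device that sent it."""
    if len(reply) < 12:
        return {"verdict": "not-dns"}
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if txid != struct.unpack(">H", query[:2])[0] or not flags & 0x8000:
        return {"verdict": "not-dns"}  # wrong transaction id or QR bit not set
    rcode = flags & 0x000F
    recursion = bool(flags & 0x0080)  # RA bit: the device offers recursion
    # An answer for a name the device does not host means it resolved it for us.
    if rcode == 0 and ancount > 0:
        verdict = "open-resolver"
    elif rcode == 5:
        verdict = "refused"
    else:
        verdict = "answers-but-no-data"
    return {"verdict": verdict, "rcode": rcode, "recursion_available": recursion,
            "answers": ancount, "amplification": round(len(reply) / len(query), 2)}

def check_wan_dns(wan_ip, name="example.com", timeout=3.0):
    """Send one query to your own WAN address; run it from outside your LAN."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (wan_ip, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return {"verdict": "no-reply"}  # the desired result on the WAN side
    return classify_reply(query, reply)

# Constructed sample reply: question echoed back, QR+RD+RA set, one A record.
SAMPLE_QUERY = build_query("example.com")
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + SAMPLE_QUERY[12:]
                + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    print(classify_reply(SAMPLE_QUERY, SAMPLE_REPLY))
```

A `no-reply` or `refused` verdict from outside is what you want to see; `open-resolver` means the device will answer DNS for strangers.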