PETALING JAYA: Telekom Malaysia Bhd (TM) said it has investigated the vulnerabilities of the D-Link DIR 850L router, which it provides with some UniFi broadband plans, and found that one of the flawed security systems is turned off by default.
It said in a statement that the flawed remote management feature, which could allow attackers to take control of the router remotely, is turned off by default on the units it supplies. It advises users who have turned on this feature to disable it immediately.
TM also advises users to use strong passwords for their WiFi network to minimise the risk of the router being compromised.
The router manufacturer is expected to release new firmware to fix the issues on Sept 21, but TM said it expects to take another two weeks to fully test the firmware to ensure that it’s safe and compatible with its services before releasing it.
The vulnerabilities were discovered by security researcher Pierre Kim, who posted on GitHub, a platform for the developer community, that the router suffers from 10 vulnerabilities, including insecure firmware, backdoor access, weak file permissions, and credentials in clear text.
Meanwhile, Time, another company that supplies the same router for some of its broadband plans, said it’s aware of the security risk posed by the router.
“The security and privacy of our users are of great importance to us. We are working with D-Link and will be taking further actions in the coming days to increase the security of our users,” it said in a statement.
D-Link also has a task force and product management team on call, reachable via its technical hotline at 1-800-88-2880, to address any security issues.