Telekom Malaysia Bhd (TM) and Time dotCom Bhd (Time) said a vulnerability found in the D-Link DIR-850L router will not affect their customers, as they provided a different version of the same model for their high speed broadband plans.
Cybersecurity firm Synopsys found a vulnerability in the dual-band router that allows hackers to get pass the WPA (WiFi Protected Access) security protocol that’s commonly used to secure home wireless networks.
The exploit basically allows a hacker to join the network without the required authentication credentials, and mount further attacks against users of the network, Synopsys said in a statement.
The D-Link DIR-850L router with hardware version A and firmware version 1.21B06 Beta and older are vulnerable. However, TM and Time said the D-Link routers they supplied to their customers are version B1 and not version A which is the affected one.
“Rest assured that the security and privacy of our customers are of utmost importance to us and we will keep our customers posted should there be any need to update the security patches for the router,” TM said in a statement.
“Users can verify their hardware version by looking at the product label on their router (which is at the bottom) for the ‘H/W ver’,” Synopsys said.
“Affected users should update their D-Link DIR-850L routers to the latest firmware version available.”
Tuomo Untinen, a Synopsys engineer based in Oulu, Finland, discovered this vulnerability during development of additional Defensics SafeGuard checks.
After the company informed D-Link in August about the flaw, the router maker published a firmware to fix the vulnerability on Nov 6.