CyberNews Briefs

D-Link, Comba network gear leave passwords open for potentially whole world to see

Security researchers with Trustwave have discovered that certain DSL modems and Wi-Fi routers produced by D-Link and Comba expose user passwords to the Internet as the result of various firmware vulnerabilities.

D-Link devices are affected by two firmware bugs, one of which makes it possible to view a file containing the user password by simply visiting a path to the file on the web-based admin console, namely https://[router ip address]/romfile.cfg. Comba devices are impacted by three flaws, including the presence of a plaintext password file that can be accessed via the device’s IP address. While D-Link has already fixed the issues, this doesn’t appear to be the case for the vulnerable Comba devices.

Read more: D-Link, Comba network gear leave passwords open for potentially whole world to see

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.