D-Link's recent announcement refusing to patch critical vulnerabilities in 60,000 older modems has ignited a broader discussion about IoT security, planned obsolescence, and sustainable alternatives in the networking equipment industry. While the company's stance on End-of-Life (EOL) devices isn't unusual, the severity of the vulnerabilities and the company's handling of the situation have prompted the tech community to advocate for more sustainable and secure solutions.
The Security Nightmare
The vulnerabilities discovered in D-Link's DSL6740C modem are particularly concerning, not just for their severity but for their implementation. Community analysis reveals that one vulnerability stems from astonishingly poor coding practices, where basic security principles were ignored. As one community member explained, the code allows direct command injection through web parameters, demonstrating a fundamental failure in security architecture that goes beyond typical software bugs.
Critical Vulnerabilities Found:
- CVE-2024-11068 (Severity 9.8): Password change through privileged API access
- CVE-2024-11067 (Severity 7.5): Path traversal flaw
- CVE-2024-11066 (Severity 7.2): Remote code execution (RCE)
- Additional high-severity command injection flaws: CVE-2024-11062, CVE-2024-11063, CVE-2024-11064, CVE-2024-11065
The Open-Source Alternative
In response to D-Link's handling of the situation, the tech community has rallied around open-source solutions, particularly OpenWRT and OPNSense. These alternatives offer several advantages over proprietary firmware, including longer support lifecycles and community-driven security updates. However, there are hardware limitations to consider:
At the lower end of the price spectrum, OpenWRT supported devices can be an incredible value, and most will probably remain supported for decades to come.
Recommended Alternative Solutions:
- OpenWRT compatible devices
- Ubiquiti (Unifi) products
- OPNSense supported hardware
- MikroTik routers (for advanced users)
The Environmental Impact
Beyond security concerns, the community has raised important points about environmental responsibility. The "just buy a new one" approach advocated by D-Link has drawn criticism for its environmental implications. Critics argue that manufacturers should bear more responsibility for the full lifecycle of their products, including proper disposal and environmental impact.
Moving Forward: Industry Solutions
The discussion has sparked several proposed solutions, including mandatory open firmware releases for EOL devices and stronger regulatory frameworks. Some community members suggest that manufacturers should be required to enable open firmware options when abandoning hardware support, allowing the community to maintain security for legacy devices.
Practical Advice for Users
For users currently operating vulnerable D-Link devices, the community recommends several immediate actions:
- Consider upgrading to devices that support open-source firmware
- If immediate replacement isn't possible, restrict remote access and implement secure access passwords
- Look into alternative vendors with better security track records and longer support commitments
The situation serves as a wake-up call for both consumers and manufacturers about the importance of long-term security support and the potential of open-source solutions in networking equipment.
Reference: D-Link says it won't patch 60,000 older modems, as they're not worth saving