autoexec · a year ago
Here's an article for those who'd rather read than watch someone's youtube video:

https://www.techradar.com/pro/security/d-link-says-it-wont-p...

Dlink has a long history of putting out insecure and even backdoored devices and so anyone with a dlink device is probably better off buying something different

dang · a year ago
Ok, we've changed to that from https://www.youtube.com/watch?v=52v6gKPA4TM above. Thanks!
TacticalCoder · a year ago
> Dlink has a long history of putting out insecure and even backdoored devices and so anyone with a dlink device is probably better off buying something different

Except for unmanaged switches. These little D-Link unmanaged switches are little workhorses: I've got several so old I don't remember when I bought them. I take it D-Link didn't manage to fuck up even an unmanaged switch?

But having seen their approach to security, I probably won't buy D-Link again.

remuskaos · a year ago
I think they actually did manage to fuck up even the small unmanaged switches. I have three unmanaged switches at home, one on the ground floor and two on the first floor. Ground floor is an 8-port Netgear, first floor are one TP-Link and one D-Link.

Every couple of weeks, the entire wired network goes down. Not even pinging addresses works. The D-Link's port LEDs are all flashing (perfectly in sync!) until I power cycle it. Then everything goes back to normal.

I have no idea what happens, and I should probably replace the D-Link soon.

PeterStuer · a year ago
D-Link was for me one of the least reliable small unmanaged switches I tried over the years. Out of those I have had (I have about 7 in the house, they get replaced when one dies), there were D-Link, Linksys, HP, Netgear and TP-Link; the TP-Links are by far the most reliable insomuch as I have never had one die, and now all my switches are TP-Link as all of the others gave up the ghost.
autoexec · a year ago
> I take it D-Link didn't manage to fuck up even an unmanaged switch?

I'd hope not. I haven't seen it yet at least.

heraldgeezer · a year ago
The Netgear GS series is king. Metal case 5,8,16 port gigabit unmanaged switches. Runs forever.
xp84 · a year ago
This isn’t snark, but I didn’t think DLink was really a player anymore. Did they pivot? It used to be (like 20 years ago) they were like the #3 consumer brand after Linksys and Netgear. Now, it seems like the players are Eero, ASUS, Netgear, Linksys, TP-Link, Google. I haven’t even seen a DLink product in a store (online or not) or in the wild, in a decade.

Edit: checked their site: apparently they are still in the game, I guess just nobody buys them

Melatonic · a year ago
I remember them always being the cheap budget option - assuming that's still the case
xyst · a year ago
Another 60,000 devices ripe for malicious entities to use in their botnet.
chipdart · a year ago
> Another 60,000 devices ripe for malicious entities to use in their botnet.

Right, my immediate reaction after reading the title was that D-Link might not patch their hardware, but others certainly will.

nubinetwork · a year ago
Is it any easier than the millions of IP cameras, DVRs and WAN accessible modems and routers (from other manufacturers, particularly from China or South America)?
ak217 · a year ago
If anyone is looking for alternatives as far as long term supported products go... I've had nothing but good experiences with Ubiquiti (Unifi) and OpenWRT. At the lower end of the price spectrum, OpenWRT supported devices can be an incredible value, and most will probably remain supported for decades to come.

More broadly, it's not just about the support commitment but also about the company's reputation for shipping solid software, i.e. what is the prior on a scenario like this after the product goes EOL.

cesarb · a year ago
> At the lower end of the price spectrum, OpenWRT supported devices [...] will probably remain supported for decades to come.

Not really. Each newer OpenWRT release needs slightly more storage and memory than the previous one, and these devices at the lower end of the price spectrum tend to have as little storage and memory as they can get away with. Older devices with as little as 4 MB of storage and/or 32 MB of memory are already unable to run current OpenWRT releases, and devices with 8 MB of storage and/or 64 MB of memory are already on the way out. But yeah, other than that OpenWRT does tend to support devices way past their original EOL.

IntelMiner · a year ago
Counterpoint: The original "Google Wi-Fi" mesh routers (the hockey puck looking ones) from about 10 years ago come with *4GB* of storage and 512MB of RAM [1]

[1] https://openwrt.org/toh/google/wifi

They're about $30-$50 USD for a 3 pack on eBay

baka367 · a year ago
Note that the limit only applies to the base OpenWRT installation. I have successfully configured my ancient router to boot from the router's USB storage (64 GB flash drive)
m463 · a year ago
I disagree with your sentiment. I think the routers openwrt has dropped support for are super low spec, like $20. And they still run older versions of openwrt.

You could probably also just run openwrt without a GUI and probably do fine.

Additionally, I like that openwrt works on higher end boxes now, like the zyxel gs1900 12, 24 and 48-port switches.

neilv · a year ago
Regarding supporting devices long-term, I can still get current version official OpenWrt for the Netgear WNDR3700v2, which I think is about 15 years old at this point.

https://firmware-selector.openwrt.org/?version=23.05.5&targe...

https://openwrt.org/toh/netgear/wndr3700

I always try to find out what's one of the best-supported OpenWrt routers at the time I'm shopping. And can I get one (or a few) of them on eBay at great prices.

WRT54-GL, WNDR3700(v2,v4) and WNDR3800, Netgear R7800.

I also have an OPNsense box that I'm evaluating. But, since OPNsense (FreeBSD) isn't strong on WiFi, I'd need to pair it with separate WiFi APs (running OpenWrt). I'm not liking the extra complexity, when an OpenWrt R7800 still does everything I really need right now.

close04 · a year ago
> WRT54-GL, WNDR3700(v2,v4) and WNDR3800, Netgear R7800.

The WRT54-GL stands out, while having a really long support life it's also just FE, 10/100Mbps. The others are gigabit Ethernet. Could possibly be replaced from the list by the D-Link DIR-825 (N, not AC) which is also at the same support level as the Netgear WNDR3700v2.

Uptrenda · a year ago
I think OpenWRT is the right approach at this point. Open source really excels where there is a 'commons.' We all have a shared interest in secure networks. Commercialized gatekeeping of router firmware doesn't make sense. These manufacturers should just switch to OpenWRT and skin it.
tomxor · a year ago
> These manufacturers should just switch to OpenWRT and skin it.

Take a look at Teltonika, that's basically what they do, but with nice over-provisioned hardware. Comes with the "industrial" price tag, but theirs is the most rock solid network gear I've ever used, and you actually receive frequent router and modem firmware updates.

I have one of their RUTX50 (5G LTE modem/router) at home and get about 550 Mbit/s through it, best internet I've ever had. I've never been forced to reboot it. I tried some consumer 5G modems before that and they were a total waste of money. I've also used their non-LTE gear elsewhere and it's the same pleasant experience, and naturally highly configurable due to OpenWRT without having to hack around.

hedora · a year ago
OpenBSD also works great for such things.
xanth · a year ago
Anyone have any OPNSense budget hardware recommendations?
nucleardog · a year ago
MikroTik also has a number of cheap devices and I have several of their "discontinued" products that are over a decade old that I'm still updating.

Their releases aren't really for _a_ device, but for a CPU architecture/chipset, so I don't know that I've actually run across any device that went unsupported before I replaced it anyway for reasons of wanting faster networking (i.e., 10/100 -> 1000; 802.11bgn -> 802.11n -> 802.11ac).

Many of them are also supported by OpenWRT.

aesh2Xa1 · a year ago
The vulnerabilities impact modem products rather than router products. If you have one of these modems, you'll need to replace the modem functionality with another modem. You can, however, place an OpenWrt router/firewall on your LAN side just past the modem.
shmerl · a year ago
opnsense also has hardware options.
mitjam · a year ago
This is something the EU Product Liability Directive potentially addresses. It demands that vendors (or importers) of products need to update their product if that's required to keep them secure. Otherwise they are liable for damages, even psychological damages.

There is no specific duration mentioned in the directive, so it's probably best from a vendor point of view to add product lifetime info to the product description or the contract, up front.

In Germany there is something similar in place already, and the expectation is that products (and necessary apps to run the products) need to be updated for 5 years on average.

zokier · a year ago
> There is no specific duration mentioned in the directive

The directive has an explicit 10 year expiry period, see (57)

> Given that products age over time and that higher safety standards are developed as the state of science and technology progresses, it would not be reasonable to make manufacturers liable for an unlimited period of time for the defectiveness of their products. Therefore, liability should be subject to a reasonable length of time, namely 10 years from the placing on the market or putting into service of a product (the ‘expiry period’), without prejudice to claims pending in legal proceedings.

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A...

mnau · a year ago
That D-Link DSL6740C device was released in 2014. It's well past its lifetime. I am not sure about PLD, but CRA is only for lifetime or ~5 years.

> When placing a product with digital elements on the market, and for the expected product lifetime or for a period of five years from the placing of the product on the market, whichever is shorter, manufacturers shall ensure that vulnerabilities of that product are handled effectively and in accordance with the essential requirements set out in Section 2 of Annex I.

xmodem · a year ago
The 5 year clock should start from the last time a consumer purchased the product new, though. I can't find anything concrete but some poking around on wayback machine indicates it was likely discontinued late 2018. Which probably still means they are in the clear in this instance even if you assume it takes a year for the inventory in the channel to sell through.
smitelli · a year ago
Background on the underlying context of the bug: https://www.youtube.com/watch?v=-vpGswuYVg8 -- It's objectively unforgivable.
amiga386 · a year ago
TL;DW:

Call GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27

account_mgr.cgi is safe; it takes the web parameters "name" and "pw" and calls the equivalent of

    execlp(..., "account", "-u", name, "-p", pw);
"account" was written by the intern and runs

    sprintf(buf, "adduser \"%s\" -p \"%s\" >/dev/null", opt_u, opt_p);
    system(buf);

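As an added illustration of the two-layer pattern amiga386 describes (not code from the thread, the video, or D-Link's firmware), this C example puts the sprintf-into-system construction next to a hardened form: an allowlist check on the username and a fork/execvp path that passes each value as its own argv element so no shell ever re-parses the string. The function names `build_shell_command`, `username_is_valid`, `build_adduser_argv` and `run_noshell`, the 32-character username policy, and the sample input are my own constructions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define ARGV_MAX 8

/* The pattern quoted in the thread: untrusted text spliced into a command
 * line that /bin/sh will re-parse. Returns 1 if the string fit in buf,
 * 0 if it was truncated. Kept only to show what the shell would receive. */
int build_shell_command(char *buf, size_t len, const char *user, const char *pw)
{
    int n = snprintf(buf, len, "adduser \"%s\" -p \"%s\" >/dev/null", user, pw);
    return n >= 0 && (size_t)n < len;
}

/* Allowlist for a username (policy assumed for this example): 1..32 chars,
 * first a letter or '_', the rest letters, digits, '_' or '-'. Quotes, ';',
 * '$', spaces and every other shell-significant character never pass. */
int username_is_valid(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > 32) return 0;
    if (!isalpha((unsigned char)name[0]) && name[0] != '_') return 0;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* Hardened form: validate, then hand each value to the helper as its own
 * argv element. No shell is involved, so there is nothing to re-parse.
 * Returns the argument count, or 0 if the name was rejected. */
int build_adduser_argv(const char *argv[ARGV_MAX], const char *user, const char *pw)
{
    if (!username_is_valid(user)) return 0;
    argv[0] = "adduser";
    argv[1] = user;
    argv[2] = "-p";
    argv[3] = pw;
    argv[4] = NULL;
    return 4;
}

/* fork/execvp runner. The ">/dev/null" of the original is done with freopen
 * in the child instead of a shell redirection operator. Returns the child's
 * exit status, 127 if exec failed, -1 on fork/wait error. */
int run_noshell(const char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (freopen("/dev/null", "w", stdout) == NULL) _exit(126);
        execvp(argv[0], (char *const *)argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: a "name" carrying characters the shell treats as syntax. */
    const char *hostile = "bob\";id;\"";
    char buf[256];
    const char *argv[ARGV_MAX];

    build_shell_command(buf, sizeof buf, hostile, "x");
    printf("string the vulnerable path would hand to /bin/sh:\n  %s\n", buf);
    printf("username_is_valid: %d\n", username_is_valid(hostile));
    if (build_adduser_argv(argv, hostile, "x") == 0)
        puts("hardened path: rejected before any process was spawned");

    /* Exercise the runner with `true` standing in for adduser. */
    const char *demo[] = {"true", NULL};
    printf("run_noshell(true) exit status: %d\n", run_noshell(demo));
    return 0;
}
```

The argv path is the actual fix: once the values are separate arguments, quoting inside them is irrelevant to the kernel and to adduser. The allowlist is defence in depth and also keeps junk out of /etc/passwd; log rejections so a spike of invalid names from the web front end is visible.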
zahlman · a year ago
Never mind the actual mistake "the intern" made.

Not only was "the intern" tapped to write code that accepts user input from HTTP and also use system administration shell commands - and use C to do raw string handling, for that matter; who knows if `buf` is properly allocated? - but there was either no review/oversight or nobody saw the problem. Plus there are two layers of invoking a new program where surely one would suffice; and it's obviously done in a different way each time. Even programmers who have never used Linux and know nothing about its shells or core utilities should be raising an eyebrow at that.

Meanwhile, people want to use AI to generate boilerplate so that their own company's "the intern" can feel like a "10x developer" (or managers can delude themselves that they found one).

jasonladuke0311 · a year ago
That’s insane.
alias_neo · a year ago
I've had a box of old wifi routers for years that I'd been meaning to reverse engineer and write up blog posts on the vulnerabilities, to educate people on just how poorly the software is written for the things you buy in your local electronics store. Every 3-4 years I'd have to buy another because the manufacturer stopped providing updates, even when I was buying their higher-end stuff.

I myself moved on to an Ubiquiti Edge Router almost 10 years ago, but Ubiquiti didn't do a great job of that in the long term and they ditched the EdgeRouter/EdgeMAX line so I ended up (and I wasn't interested in Unifi line for my router/firewall) buying a Protectli box, flashed coreboot and used pfSense for a while before eventually moving to OPNSense.

I came to the conclusion over this time that any consumer network equipment is basically junk and if you care at all about security you shouldn't use it; sadly that's easier said than done for non-techy folks.

Many pieces of older/cheaper hardware can be flashed with OpenWRT and I'd recommend that as the cheapest option for anyone who cares just a little and doesn't want to buy new hardware; everyone who really wants to make an effort should buy some hardware that can run a properly maintained router OS like pfSense or OPNSense, even an all-in-one wifi-router-switch if you don't want to build out an entire SMB network.

jart · a year ago
Yeah Ubiquiti used to be great before they went the other way. Now Mikrotik is the new hotness.
alias_neo · a year ago
I've been looking at some of the Mikrotik releases; I'll almost certainly be going Mikrotik when I get around to upgrading my home network to 10Gb, I'm just looking out for new APs and will probably replace them all at once.

Currently using Unifi AP-AC Pros and Unifi 6 Pro around the house, but I keep having to move them around because the (newer) U6 Pro has atrocious range on both 2.4GHz and 5GHz compared to the AP-AC-Pro and my wife is getting annoyed at the poor WiFi signal on the living room TV (constant buffering), so I put the AP-AC-Pro back and it's better for the TV but slower for everything else.

Not sure if there's a better Unifi AP I can get for this part of the house or if I need to switch everything out, as I don't want to mix AP manufacturers/management tools.

486sx33 · a year ago
Or well… if you have one of these models, this is the way.

https://openwrt.org/toh/d-link/start

anonymfus · a year ago
I didn't find most of the affected models there, and for those which I did, the pages are full of warnings like: OpenWrt support is obsolete since 2022 and/or 4 MB of flash and 32 MB of RAM is not enough to do anything useful
tptacek · a year ago
Look I am just being grumpy about this and I know it has nothing really substantive to do with the underlying story, which is D-Link EOL'ing products, but: there is really no such thing as a "9.8" or "9.2" vulnerability; there is more actual science in Pitchfork's 0.0-10.0 scale than there is in CVSS.
616c · a year ago
What is this Pitchfork scale? Is it an actual one? Searching didn't return any useful results.
fresh_broccoli · a year ago
It's a shame that MikroTik routers' UI is completely unsuitable for non-powerusers.

Otherwise they would be perfect. Cheap and supported practically forever. Their trick seems to be that they use a single firmware image for all routers with the same CPU architecture.

Maxious · a year ago
They've been trying lately though; you can supposedly set one up for a basic PPPoE and DHCP scenario using the Mikrotik phone app, and they have a Back To Home WireGuard VPN setup app
protocolture · a year ago
I dunno, it's pretty basic. It has lots of options but users only need to be guided to quick setup or a few other places.