D-Link Refuses Security Patches for 60,000 Vulnerable DSL Modems

D-Link Says It Won't Patch 60k Older Modems Despite Security Risks

D-Link has announced it will not release security patches for approximately 60,000 vulnerable DSL6740C modems currently connected to the internet, leaving users potentially exposed to cyber attacks. The company's decision comes after multiple serious security flaws were discovered in these end-of-life devices.

Security researcher Chaio-Lin Yu recently uncovered three major vulnerabilities in the DSL6740C model. The most severe issue, identified as CVE-2024-11068, received a critical severity score of 9.8 and could allow attackers to change device passwords through unauthorized API access. Two additional flaws were also found: a path traversal vulnerability and a remote code execution weakness.

Making matters worse, four additional high-severity command injection vulnerabilities in the same modem model were reported by Taiwan's computer emergency response center (TWCERT/CC).

The majority of affected devices are located in Taiwan, with the model no longer available for sale in the United States. Rather than addressing these security concerns, D-Link has advised customers to replace their outdated devices with newer models.

For users unable to immediately upgrade their hardware, security experts recommend taking protective measures including:

  • Restricting remote access to the device
  • Setting strong access passwords
  • Regularly monitoring for suspicious activity

This announcement follows a recent pattern from D-Link, which also declined to patch multiple vulnerable Network Attached Storage (NAS) devices that had reached end-of-life status.

The situation highlights growing concerns about security support for aging network equipment, particularly as routers remain prime targets for cyber attacks.