Jump to content

D-Link

From Wikipedia, the free encyclopedia
(Redirected from D-link)

D-Link Systems, Inc.
FormerlyDatex Systems, Inc. (1986-1992)
Company typePublic
TWSE: 2332
IndustryNetworking hardware
Telecoms equipments
Founded1986; 38 years ago (1986)
Headquarters,
Area served
Worldwide
Key people
Victor Kuo (Chairman)
Products
Websitewww.dlink.com Edit this at Wikidata

D-Link Systems, Inc. (formerly Datex Systems, Inc.) is a Taiwanese multinational manufacturer of networking hardware and telecoms equipments. It was founded in 1986 and headquartered in Taipei, Taiwan.[1]

History

[edit]

Datex Systems was founded in 1986 in Taipei, Taiwan.

In 1992, the company changed its name to D-Link.

D-Link went public and became the first networking company on the Taiwan Stock Exchange in 1994. It is now also publicly traded on the New York Stock Exchange.

In 1988, D-Link released the industry's first peer-to-peer LANSmart Network Operating System,[2]: 167-168 able to run concurrently with early networking systems such as Novell's NetWare and TCP/IP, which most small network operating systems could not do at the time.

In 2007, it was the leading networking company in the small to medium business (SMB) segment worldwide, with a 21.9% market share.[notes 1] In March 2008, it became the market leader in Wi-Fi product shipments worldwide, with 33% of the total market.[notes 2] In 2007, the company was featured in the "Info Tech 100" list of the world's best IT companies. It was also ranked as the ninth best IT company in the world for shareholder returns by BusinessWeek.[3] In the same year, D-Link released one of the first Wi‑Fi Certified 802.11n draft 2.0 Wi-Fi routers (DIR-655),[4] which subsequently became one of the most successful draft 802.11n routers.[5]

In May 2013, D-Link released its flagship draft 802.11ac Wireless AC1750 Dual-Band Router (DIR-868L), which at that point had attained the fastest-ever wireless throughput as tested by blogger Tim Higgins.[6]

In April 2019, D-Link was named Gartner Peer Insights Customers’ Choice for Wired and Wireless LAN Access Infrastructure.[7]

In June 2020, D-Link joined the Taiwan Steel Group.[clarification needed]

In 2021, D-Link announced that it had become the agent for international information security brand Cyberbit in Taiwan, and it launched the new EAGLE PRO AI series transforming home Wi-Fi experiences.

In 2022, D-Link obtained the TRUSTe Privacy seal, certification of ISO/IEC 27001:2013 and BS 10012. It also obtained the GHG Part 1 certification of ISO 14064-1 2018. Moreover, D-Link established the "D-Link Group Scholarship" with National Taiwan University of Science and Technology to encourage foreign students to study in Taiwan.

[edit]

Controversies

[edit]

Backdoors

[edit]

D-Link systematically includes backdoors in their equipment that compromise its users security.[8] One of the prominent examples is xmlset_roodkcableoj28840ybtide, which contains the substring roodkcab, which is the word backdoor written backwards.[9]

In January 2013, version v1.13 for the DIR-100 revA was reported to include a backdoor in the firmware. By passing a specific user agent in an HTTP request to the router, normal authentication is bypassed. It was reported that this backdoor had been present for some time.[10] This backdoor however was closed soon after with a security patch issued by the company.[11]

In 2024-06-17 information about CVE-2024-6045 backdoor was disclosed.[12]

Vulnerabilities

[edit]

In January 2010, it was reported that HNAP vulnerabilities had been found on some D-Link routers. D-Link was also criticized for their response which was deemed confusing as to which models were affected and downplayed the seriousness of the risk.[13] However the company issued fixes for these router vulnerabilities soon after.[14]

Computerworld reported in January 2015 that ZynOS, a firmware used by some D-Link routers (as well as ZTE, TP-Link, and others), are vulnerable to DNS hijacking by an unauthenticated remote attacker, specifically when remote management is enabled.[15] Affected models had already been phased out by the time the vulnerability was discovered and the company also issued a firmware patch for affected devices for those still using older hardware.[16]

Later in 2015, it was reported that D-Link leaked the private keys used to sign firmware updates for the DCS-5020L security camera and a variety of other D-Link products. The key expired in September 2015, but had been published online for seven months.[17] The initial investigation did not produce any evidence that the certificates were abused.[18]

Also in 2015, D-Link was criticized for more HNAP vulnerabilities,[19] and worse, introducing new vulnerabilities in their "fixed" firmware updates.[20]

On 5 January 2017, the Federal Trade Commission sued D-Link for failing to take reasonable steps to secure their routers and IP cameras, as D-Link marketing was misleading customers into believing their products were secure. The complaint also says security gaps could allow hackers to watch and record people on their D-Link cameras without their knowledge, target them for theft, or record private conversations.[21] D-Link has denied these accusations and has enlisted Cause of Action Institute to file a motion against the FTC for their "baseless" charges.[22] On 2 July 2019, the case was settled with D-Link not found to be liable for any of the alleged violations.[23] D-Link agreed to continue to make security enhancements in its software security program and software development, with biennial, independent, third-party assessments, approved by the FTC.[24]

On 18 January 2021 Sven Krewitt, researcher at Risk Based Security, discovered multiple pre-authentication vulnerabilities in D-Link's DAP-2020 Wireless N Access Point product.[25] D-Link confirmed these vulnerabilities in a support announcement and provided a patch to hot-fix the product's firmware.[26]

In April 2024, D-Link acknowledged a security vulnerability that affected all hardware revisions of four models of network attached storage devices. Because the products have reached their end of service life date, the company stated in a release that the products are no longer supported and that a fix would not be offered.[27]

Server misuse

[edit]

In 2006, D-Link was accused of NTP vandalism, when it was found that its routers were sending time requests to a small NTP server in Denmark, incurring thousands of dollars of costs to its operator. D-Link initially refused to accept responsibility.[28] Later, D-link products were found also to be abusing other time servers, including some operated by the US military and NASA.[29] However, no malicious intent was discovered, and eventually D-Link and the sites owner Poul-Henning Kamp were able to agree to an amicable settlement regarding access to Kamp's GPS.Dix.dk NTP Time Server site, with existing products gaining authorized access to Kamp's server.[30]

GPL violation

[edit]

On 6 September 2006, the gpl-violations.org project prevailed in court litigation against D-Link Germany GmbH regarding D-Link's inappropriate and copyright infringing use of parts of the Linux kernel.[31] D-Link Germany GmbH was ordered to pay plaintiff's costs.[32] Following the judgement, D-Link agreed to a cease and desist request, ending distribution of the product, and paying legal costs.[33]

See also

[edit]

References

[edit]

Notes

[edit]
  1. ^ Compiled from In-Stat Q1 2007 Wireless LAN Equipment Market Share Report
  2. ^ In-Stat Q4/07 WLAN Market Share Report

Citations

[edit]
  1. ^ "History of D-Link". D‑Link (Europe). n.d. Archived from the original on 13 May 2022. Retrieved 6 August 2022. 1986 - Datex Systems, Inc. is founded to market network adapters.
  2. ^ Maxwell, Kimberly (29 May 1990). "LANsmart Operating System". PC Magazine. Vol. 9, no. 10. Ziff Davis. pp. 167–168. ISSN 0888-8507. OCLC 642393284. Retrieved 6 August 2022 – via Google Books.
  3. ^ Ante, Spencer E.; Ewing, Jack; Greene, Jay; Burrows, Peter; Hof, Robert D. (2 July 2007). "The Info Tech 100". BusinessWeek. ISSN 0007-7135. Archived from the original on 18 July 2022.
  4. ^ Higgins, Tim (9 July 2007). "D-Link DIR-655 Xtreme N Gigabit Router Review:Draft 2.0 arrives". SmallNetBuilders. Archived from the original on 20 July 2022. Retrieved 6 August 2022. But with the Wi-Fi Certification process underway, I'm reluctantly going to begin review of Draft 11n products. And since the DIR-655 was the first draft 11n product to post Draft 2.0 firmware and driver updates, and one of the first out of the Wi-Fi Certification gate, what better place to start?
  5. ^ Higgins, Tim (10 February 2009). "D-Link DIR-655 A4 Quick Review". SmallNetBuilders. Archived from the original on 17 May 2022. Retrieved 6 August 2022.
  6. ^ Higgins, Tim (28 May 2013). "D-Link DIR-868L Wireless AC1750 Dual Band Gigabit Cloud Router Reviewed". SmallNetBuilders. Archived from the original on 21 July 2022. Retrieved 6 August 2022.
  7. ^ Best Wired and Wireless LAN Access Infrastructure of 2019 as reviewed by customers. [1]. Gartner Peer Insights Customers’ Choice - Apr 2019
  8. ^ Over 92,000 exposed D-Link NAS devices have a backdoor account
  9. ^ "D-Link issues fixes for firmware backdoor in routers".
  10. ^ Yegulalp, Serdar (14 October 2013). "D-Link's backdoor: What else is in there?". InfoWorld. ISSN 0199-6649. Retrieved 1 April 2016.
  11. ^ Krebs, Brian (2 December 2013). "Important Security Update for D-Link Routers". Krebs on Security. Retrieved 17 September 2020.
  12. ^ https://securityonline.info/d-link-routers-exposed-critical-backdoor-vulnerability-discovered-cve-2024-6045/ [bare URL]
  13. ^ "Which Routers Are Vulnerable to the D-Link HNAP Exploit?". Source Sec Tech Engine. 18 January 2010. Archived from the original on 26 December 2013.
  14. ^ "D-Link Issues Fixes for Router Vulnerabilities". PCWorld. 15 January 2010. ISSN 0737-8939. Retrieved 17 September 2020.
  15. ^ Constantin, Lucian. "DNS hijacking flaw affects D-Link DSL router, possibly other devices". Computerworld. ISSN 0010-4841. Retrieved 1 April 2016.
  16. ^ Jackson, Mark (31 January 2015). "UPDATE D-Link Broadband Routers Vulnerable to DNS Hijack Attack". ISPreview UK. Retrieved 17 September 2020.
  17. ^ "In blunder threatening Windows users, D-Link publishes code-signing key". Ars Technica. 18 September 2015. Retrieved 1 April 2016.
  18. ^ "D-Link Accidentally Leaks Private Code-Signing Keys". threatpost.com. 18 September 2015. Retrieved 17 September 2020.
  19. ^ "Hacking the D-Link DIR-890L".
  20. ^ Craig (15 April 2014). "What the Ridiculous F***, D-Link?!". /dev/ttyS0 | Embedded Device Hacking. Archived from the original on 20 April 2015. Retrieved 6 August 2022. However, they've added another sprintf to the code before the call to access; their patch to prevent an unauthenticated sprintf stack overflow includes a new unauthenticated sprintf stack overflow.
  21. ^ "FTC sues D-Link over router and camera security flaws | Consumer Information". Archived from the original on 7 January 2017. Retrieved 7 January 2017.
  22. ^ "Cause of Action Institute Files Motion to Dismiss FTC's Baseless Data Security Charges Against D-Link Systems Inc. - Cause of Action Institute". Cause of Action Institute. 31 January 2017. Retrieved 12 February 2017.
  23. ^ "proposed settlement, D-Link is required" (PDF).
  24. ^ "D-Link Agrees to Make Security Enhancements to Settle FTC Litigation". 2 July 2019.
  25. ^ Krewitt, Sven (18 January 2021). "RBS-2021-002-D-Link DAP-2020". Risk Based Security. Archived from the original on 7 March 2021. Retrieved 2 September 2020.
  26. ^ "D-Link Technical Support". supportannouncement.us.dlink.com. Retrieved 2 September 2021.
  27. ^ "DNS-320L / DNS-325 / DNS-327 / DNS-340L and All D-Link NAS Storage :: All Models and All Revison :: End of Service Life :: CVE-2024-3273 : Vulnerabilities Reported by VulDB/Netsecfish". D-Link. 8 April 2024. Retrieved 8 April 2024.
  28. ^ Leyden, John (13 April 2006). "D-Link accused of 'killing' time servers | Time to stop freeloading". The Register. Archived from the original on 22 September 2020. Retrieved 9 August 2022. D-Link, for its part, is hiding behind its lawyers. Instead of acknowledging it might have made an error, and operators say D-Link's attorneys have accused them of "extortion" or else demanded that disgruntled punters submit to Californian law.
  29. ^ Ward, Mark (13 April 2006). "Net clocks suffering data deluge". BBC News. Archived from the original on 27 April 2022. Retrieved 9 August 2022. This has revealed that D-Link hardware is also causing problems for 50 other net time servers. The list includes some run by the US military, Nasa, US research organisations and government groups around the world.
  30. ^ Leyden, John (11 May 2006). "D-Link settles dispute with 'time geek' | Time to kiss and make up". The Register. Archived from the original on 7 April 2022. Retrieved 9 August 2022. Networking manufacturer D-Link has settled a dispute with a Danish administrator Poul-Henning Kamp over the way its kit queries internet time servers.
  31. ^ GPL-Violations.org project prevails in court case on GPL violation by D-Link Archived 7 October 2014 at the Wayback Machine
  32. ^ Docket Number 2-6 0 224/06 DISTRICT COURT OF FRANKFURT AM MAIN Archived 6 December 2006 at the Wayback Machine
  33. ^ "German court raps D-Link over GPL violation". iTnews. Retrieved 17 September 2020.
[edit]