If you have one of the following D-Link router models - DIR850L, DIR-885L, DIR-890L and DIR-895L- it's password changing time.
Singapore’s Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA) just released a joint advisory, cautioning that these models had been found to have serious vulnerabilities. These models are quite commonly given to customers by broadband providers, including Malaysia's own Unifi as well as some of Singapore's service providers among others.
Check for updates
While more than one model was mentioned in the advisory, the DIR-850L is under particular scrutiny as its vulnerability lies in the Web application that is used to configure passwords. Hackers can exploit the app to use it to take over routers.
D-Link has acknowledged the issue and has stated a firmware upgrade will be issued by today. Now, the question remains whether said update will work on all routers or will the update need to be configured for specific ISPs.
Our advice: if you received your router from an ISP, get in touch with them first and preferably get the firmware update through them instead of downloading it straight from the D-Link website once it goes live.
If you'd rather not go through the hassle, then you can consider purchasing a new router supported by your ISP. Ensure you have all your necessary settings and logins saved, preferably offline to make for easy configuration later.
In the meantime, best to change your password to a more secure one. It doesn't have to be a complicated, full of symbols and special characters - a long passphrase that is easy to remember will work just as well. Also disable the SharePort feature, to provide extra security.