If you have been using the D-Link router that UniFi and Time Internet has provided, namely the DIR-850L, you might want to take note that there is a severe security issue going on right now. As reported by Lowyat.NET, the issue came to light after a security researcher named Pierre Kim has discovered that the said router has several issues back in June and was published online two weeks ago, the issues include unsecure firmware, backdoor access, weak files permission, credentials in cleartext, and more. In the research note, Pierre Kim noted that the attacker can access the router using the myDlink Cloud account feature, since the password is being stored in the cloud in cleartext.

The D-Link DIR-895L AC5300 Wireless Router

The D-Link DIR-850L has also been used by ISPs in Singapore, hence in light of this the Cyber Security Agency of Singapore and Infocomm Media Development Authority have also jointly released a security advisory that addresses the issue, while also naming three more D-Link DIR-800 series router in the list, including the recent DIR-895L that we have reviewed, the DIR-885L and DIR-890L.

This isn’t pleasant news to those who have enabled remote access to their D-Link routers, thankfully D-Link Malaysia has responded to this issue in a timely manner, by advising users to reset the router and disabling the WAN remote admin feature, a new firmware will be available on the September 21 to fix the issue permanently. If you are using one of the said routers above, D-Link has released a guide on how to resolve this temporarily, which can you refer here.

[Update 19/9 8:02PM] TIME Internet has issued a statement regarding the D-Link DIR-850L as per below:

We’re aware that the D-Link DIR850-L WiFi router provided to some of our users was recently found to be exposed to a security risk.

The security and privacy of our users are of great importance to us. We are working with D-Link and will be taking further actions in the coming days to increase the security of our users.

In the meantime, the interim countermeasure is a simple one and the instructions can be accessed here at www.time.com.my/dlink-support.