Want CNET to notify you of price drops and the latest stories?

New security holes found in D-Link router

Security researcher reveals multiple Web-based security vulnerabilities in the D-Link 2760N.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt

A new spate of vulnerabilities have been found in a D-Link router, a security researcher said Monday.

The D-Link 2760N, also known as the D-Link DSL-2760U-BN, is susceptible to several cross-site scripting (XSS) bugs through its Web interface, reported ThreatPost.

Liad Mizrachi, the researcher who discovered the bugs, said he notified D-Link about the bugs in August, September, and October, but D-Link did not respond.

The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI-624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a patch to the backdoor bug.

Jacob Holcomb, a security researcher who uncovered widespread vulnerabilities in popular routers earlier this year, told CNET that he wasn't surprised by the backdoor bug, and wished that manufacturers would do more to fix security problems when found in embedded devices such as cameras and routers.

"Code written for these devices continues to provide inadequate security for today's digital society, and manufacturers should be held accountable for the implementation of code that intentionally circumvents security," he said.

D-Link told CNET that the router is not sold in the US and that the company is working on a solution that will be published on their support site when it's ready. D-Link did not offer a timeline for when that might be, though.

Updated at 4:45 p.m. on Nov. 12 with comment from D-Link.