Backdoor found in D-Link routers
D-Link is not having a good time, as the media has been busy highlighting a backdoor left in its router firmware that could potentially allow anyone to change router settings or upgrade the firmware to do whatever they wrote it to do.
The routers affected are consumer devices the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and the TM-G5240 and two Planex devices (BRL-04UR and BRL-04CW) that share the same firmware codebase also have the vulnerability.
D-Link appear to be saying that a new firmware update to patch the hole will be available by the end of October, which is a very long time to fix a security issue that is now so widely known, and there are some indications that someone may have spotted the flaw some three years ago.
If you have one of the affected D-Link routers, then the immediate steps to take are to double check that remote access to the router is disabled, this should be disabled by default. There is a D-Link page listing what appears to be new firmware for some routers, with some of these versions dating back to February 2013, not all the models affected have new firmware yet. Which raises a question as to why if D-Link knew about this backdoor it has not moved to release updates to all the affected devices.
Probably the biggest risk currently is that phishing emails will now be crafted, if you get any emails pertaining to D-Link backdoor, then the rule of delete and ignore is the best policy and only download new firmware versions from sites hosted by D-Link.