large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Several vulnerabilities have been discovered in Comba and D-Link routers

Cybersecurity group Trustwave has unveiled five new vulnerabilities in Comba and D-Link routers that could let criminals swipe your login details while you browse.

The vulnerabilities were discovered by SpiderLabs Security Researcher Simon Kenin. The flaws, which were posted on the company’s SpiderLabs blog today, includes two issues in D-Link DSL modems and three across Comba Telecom Wi-Fi devices. “Since your router is the gateway in and out of your entire network it can potentially affect every user and system on that network”, warned Trustwave.

The first D-Link issue affects the D-Link DSL-2875AL dual band wireless modem, a device primarily used to connect a home network to an internet service provider. The router contains a password vulnerability that could allow anyone with access to the web-based management IP address to view your password in clear text.

Related: Best Router

The second issue affects both the DSL-2875AL and the DSL-2877AL modems and could allow anyone sneaking a peak at the source code on a router’s login page to access the username and password of the user’s internet service provider. This info could be even more dangerous if the D-Link owner is reusing their ISP login information with their router or another website, giving attackers access to more than just the Wi-Fi connection.

The Comba vulnerabilities include easy to crack MD5 hashes of router usernames and passwords. Hackers can use unauthenticated URL requests to enact a full takeover of the Comba AC2400 WiFi Access Controller’s filesystem, while the Comba AP2600-I WiFi Access Point has two vulnerabilities  the source code of the login page and a downloadable database file  giving attackers multiple opportunities to sneak away with your username and password.

Related: Best VPN

According to Trustwave, neither D-Link nor Comba Telecom have patched the vulnerabilities despite multiple attempts to contact them by the group’s disclosure team.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.