It is normally recommended to switch off remote access on routers but if your router is made by D-Link then you should especially revoke access.
A security expert, Craig Heffner, has analyzed the underlying code and found that there is an easy way that will allow unscrupulous people to exploit the vulnerability. When connected to the router, either by Ethernet cable or WiFi and then changing a certain setting to a specific code word, it bypasses the security of the device and allows access. Not only could you get online but you could monitor the network and whatever body else is doing as well.
D-Link has said they will issue a firmware update to resolve the outstanding exploit in the next few weeks and they are investigating how this happened. It is highly recommended to patch your firmware with this update.
The affected routers are the following models:
- DI-604+ ,