D-Link Routers Face Multiple Vulnerabilities

"Vulnerabilities that leave some D-Link routers open to remote attacks has been discovered. An exploit could give an attacker root access, allow DNS hijacking and more.

D-Link said that it is looking into the problems, and noted in an advisory that there are three reported flaws. The first vulnerability relates to a malicious user who might be connected to the LAN-side of the device to use the device's upload utility to load malicious code without authentication.  A second vulnerability relates to the device’s ping utility that might permit command injection without authentication.  And a third vulnerability may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack that discloses information about the devices configuration."