Security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that expose owners to cyber attacks.

The flawed devices are the D-Link DIR 850L wireless AC1200 dual-band gigabit cloud routers. The list of vulnerabilities includes a lack of proper firmware protection, backdoor access, command injection attacks resulting in root access, and several cross-site scripting (XSS) flaws.

An attacker could exploit the vulnerabilities to intercept traffic, upload malicious firmware, and get full control over the affected routers.

Kim wrote in a blog post that “the D-Link DIR 850L is a router overall badly designed with a lot of vulnerabilities. Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused.”

This isn’t the first time Kim has found flaws in D-Link products; in October 2016 he reported multiple vulnerabilities in the D-Link DWR-932B LTE router, but the Taiwan-based firm ignored them.

For this reason, the expert decided this time to publicly disclose the zero-day vulnerabilities, hoping that the company will fix them.

For now, users are advised to avoid using the affected D-Link router in order to be safe from such attacks.

“I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.” Kim wrote.