D-Link will release firmware updates to address a reported vulnerability in some of its routers by the end of October, the networking equipment manufacturer said today. The security issue in some of D-Link's routers that could allow attackers to change the device settings without requiring a username and password. A backdoor-type function built into the firmware of some D-Link routers could be used to bypass the normal authentication procedure on their Web-based user interfaces according to Craig Heffner, a vulnerability researcher with Tactical Network Solutions.

According to Heffner, the affected models likely include D-Link's DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240 and possibly DIR-615. The BRL-04UR and BRL-04CW routers made by Planex Communications might also be vulnerable because they also appear to use the same firmware, he said.

The firmware updates will be listed on a security page on the D-Link website.

D-Link said that owners of affected devices can minimize any potential risk by ensuring that their router has the Wi-Fi password enabled and that remote access is disabled. In addition, users should not tale any action if they receive unsolicited e-mails that relate to security vulnerabilities.