D-Link DIR-825 Router
From Wiki-IoT
Revision as of 03:47, 10 October 2025 by Jeandecian
Classification
| D-Link DIR-825 Router | |
|---|---|
| Classification | |
| Grade | F |
| Calculator version | 1 |
| Classification date | 2025-10-09 |
| Information | |
| Name | D-Link DIR-825 AC1200 Gigabit Router |
| Brand by Parent | D-Link by D-Link Corporation |
| Generation | HW B1 / v3 |
| Model(s) | DIR-825 (B1, R2, AC1200) |
| Release date | 2017-04-05 |
| Type/Category | Dual-band Wi-Fi gigabit router |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 177 × 139 × 50 mm |
| Mass | 250 g |
| Operating system | Linux-based D-Link SDK (VxWorks on early units) |
| Companion App | D-Link Wi-Fi (iOS/Android) or Web UI only |
| CPU | Realtek RTL8198D MIPS32 24 K @ 660 MHz |
| GPU | None |
| Memory | 64 MB DDR2 |
| Storage | 8 MB SPI NOR flash |
| Battery | None |
| Power | 12 V ⎓ 1.5 A external adapter |
| Charging | Barrel connector (no battery) |
| Display | 9 × LED (Power, WAN, LAN, Wi-Fi, WPS, USB) |
| Camera | None |
| Sound | None |
| Connectivity | Wi-Fi 5 (802.11ac) 2×2 MU-MIMO, 2.4 GHz 300 Mbps + 5 GHz 867 Mbps; 5× GbE (1× WAN + 4× LAN); USB 2.0; no Bluetooth |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Very common | [2] | UART pins unpopulated but labelled; case snaps open without tools |
| Known vulnerabilities | Very common | [3] | Remote code execution via /cgi-bin/ scripts |
| Prior attacks | Very common | [4] | Multiple botnets (Mirai variants) exploit DIR-825 R2 |
| Updatability | Rare | [5] | Last firmware 2021-09; no automatic update channel; regional images only |
| Category score | 3 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [6] | HTTP basic auth; no 2FA, no certificate login |
| Communications | Encrypted with obsolete encryption | [7] | HTTPS uses TLS 1.1, weak ciphers, self-signed cert |
| Storage | No encryption | [8] | SPI flash dumped in plaintext; config file readable |
| Category score | 3 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Basic | [9] | One admin, one guest account; no RBAC |
| Authentication | Basic | [10] | Single admin account; no 2FA |
| Brute-force protection | Absent | [11] | No lock-out, no captcha, unlimited login attempts |
| Event logging | Partial logging | [12] | Web UI shows DHCP & port-forward events; no syslog export, no failed-auth log |
| Passwords | Default/Common/Easy to guess | [13] | Factory admin/admin; no forced change, no complexity rules |
| Category score | 3 | ||
| Grade | F |
|---|---|