November 2012 - discovered vulnerability
11.11.2012 - contacted dlink via the webinterface
20.12.2012 - contacted Heise Security with details and Heisec forwarded the details to D-Link
21.12.2012 - D-link responded that they will check the findings *h00ray*
11.01.2013 - requested status update
25.01.2013 - requested status update
25.01.2013 - D-Link responded that this is a security problem from the user and/or browser and they will not provide a fix
xx.02.2013 - no update from dlink, public release
建议:
--------------------------------------------------------------------------------
厂商补丁:
D-Link
------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: