Core Security didn't like that suggestion. Last Wednesday, Core asked D-Link "for a clarification regarding the D-Link release date and notifies that releasing fixes to a privileged closed group and/or a closed forum or list is unacceptable."
D-Link's forum does have a login field, but it appears that anyone can view many of the posts without registering. D-Link came back a day later and said that patches are ready and would be posted onto its web site "over the next few days," Core wrote.
D-Link did not immediately respond to requests for comment. It was unclear from the company's support forum if the firmware updates had been publicly posted yet.
Core Security credited its researchers Francisco Falcon, Nahuel Riva, Martin Rocha, Juan Cotta, Pablo Santamaria and Fernando Miranda with finding the problems.
Sign up for CIO Asia eNewsletters.