D-Link Forums

D-Link Wireless Routers for Home and Small Business => DIR-882 => Topic started by: FurryNutz on April 14, 2021, 06:52:15 PM

Title: New - DIR-882-US Firmware v1.30 Build 06 Beta 01 - Official FW Hotfix Release
Post by: FurryNutz on April 14, 2021, 06:52:15 PM
Firmware: v1.30 B06 Beta 01   04/08/2021
Revision Info

On October 2, 2020, a 3rd party security researcher from Trend Micro, the Zero Day Initiative (ZDI) submitted a report accusing the DIR-882 using firmware v1.30B06 of a LAN-side Stack-based Buffer Overflow (RCE) exploit.   The Vulnerability is under investigation, if the vulnerability confirmed, a patch will be issued to close the reported issue. 

3rd Party Report information

          - Report provided: Trend Micro, the Zero Day Initiative (ZDI :: zdi-disclosures _at_ trendmicro _dot_ com

          - Reference : To Be Post upon author's public disclosure

          - The attack is affective on LAN-side of device only, since HNAP is a LAN-side protocol which is not exposed to the internet, An unauthenticated stack buffer overflow in the HNAP service due to the use of `strcat` to copy attacker-controlled POST request data to a 0x200-byte stack buffer when the User-Agent string is set to "Edge".

Get it here: NA Region
DIR-882-US (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10215)

Please follow the> FW Update Process (http://forums.dlink.com/index.php?topic=42457.0) to ensure a good FW upgrade is performed.

Let us know how it works for you...