• December 08, 2021, 09:30:39 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DIR-882-US Firmware v1.30 Build 06 Beta 01 - Official FW Hotfix Release  (Read 2510 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49868
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Firmware: v1.30 B06 Beta 01   04/08/2021
Revision Info
Overview

On October 2, 2020, a 3rd party security researcher from Trend Micro, the Zero Day Initiative (ZDI) submitted a report accusing the DIR-882 using firmware v1.30B06 of a LAN-side Stack-based Buffer Overflow (RCE) exploit.   The Vulnerability is under investigation, if the vulnerability confirmed, a patch will be issued to close the reported issue. 

3rd Party Report information

          - Report provided: Trend Micro, the Zero Day Initiative (ZDI :: zdi-disclosures _at_ trendmicro _dot_ com

          - Reference : To Be Post upon author's public disclosure

          - The attack is affective on LAN-side of device only, since HNAP is a LAN-side protocol which is not exposed to the internet, An unauthenticated stack buffer overflow in the HNAP service due to the use of `strcat` to copy attacker-controlled POST request data to a 0x200-byte stack buffer when the User-Agent string is set to "Edge".


Get it here: NA Region
DIR-882-US

Please follow the> FW Update Process to ensure a good FW upgrade is performed.

Let us know how it works for you...
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.