D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-850L => Topic started by: FurryNutz on November 07, 2018, 08:59:33 AM

Title: DIR-850L Rev A FW v1.21 Build 07 Official Security Release - All Regions!
Post by: FurryNutz on November 07, 2018, 08:59:33 AM
Firmware:   v1.21 B07   11/06//2018 All Regions!
Revision Info: Rev A Only!   

Problems Resolved:
On August 20, 2018,  D-Link was notified and began investigation with coordination froom NCSC-FI regarding a possible security vulnerability on the DIR-850L hardware revision A, that allows an attacker to bypass WiFi encryption and gain internet access via WiFi.

3rd Party Report information
Author: Tuomo Untinen of Synopsys of Finland

Coordination:  National Cyber Security Centre Finland (NCSC-FI)

Public Disclosure: https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-026.html
 (https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-026.html)
Details
We advise to read the Public Disclosure from the author.

The D-Link DIR-850 wlan router will communicate to client that have not completed full a WPA handshake. The client can communicate with the router with IP packets on Data Frames without encryption. An attacker can join the network provided by the affected router without the required credentials, and mount further attacks to the users of the network.

Known Issues:
None

Enhancements:
None

Get it here:
DIR-850L (https://support.dlink.com/productinfo.aspx?m=DIR-850L)


Please follow the> FW Update Process (http://forums.dlink.com/index.php?topic
=42457.0) to ensure a good FW upgrade is performed.

Let us know how it works for you...


Title: Re: DIR-850L Rev A FW v1.21 Build 07 Official Security Release - All Regions!
Post by: FurryNutz on April 18, 2019, 11:04:59 AM
Build 08 is new and available for Rev A.

v2.33. Build O3 is available for DIR-850L Rev B models.

Problems Resolved:
Report: A research report to D-Link has reported multiple routers (DIR-850L A1/B1, DIR-822 C1 and DIR-880L A1) with security vulnerabilities: Authenticated bypass and Authenticated RCE. 3rd Party Researcher: Henry Huang (happyholic1203 at gmail dot com)
1.Authentication bypass
2.Authenticated RCE


Title: Re: DIR-850L Rev A FW v1.21 Build 07 Official Security Release - All Regions!
Post by: FurryNutz on November 02, 2019, 09:04:54 AM
"This product has been discontinued.
Free support for this product has ended on 08/31/2018."

D-Link’s End-of-Life Policy can be found here: https://support.dlink.com/EndOfLifePolicy.aspx (https://support.dlink.com/EndOfLifePolicy.aspx)