Firmware: v1.30 B06 Beta 01 04/08/2021
Revision Info
Overview
On October 2, 2020, a 3rd party security researcher from Trend Micro, the Zero Day Initiative (ZDI), submitted a report accusing the DIR-882 using firmware v1.30B06 of a LAN-side stack-based buffer overflow (RCE) exploit. The vulnerability is under investigation; if the vulnerability is confirmed, a patch will be issued to close the reported issue.
3rd Party Report information
- Report provided by: Trend Micro, the Zero Day Initiative (ZDI) :: zdi-disclosures _at_ trendmicro _dot_ com
- Reference: To be posted upon author's public disclosure
- The attack is effective on the LAN side of the device only, since HNAP is a LAN-side protocol which is not exposed to the internet. The issue is an unauthenticated stack buffer overflow in the HNAP service due to the use of `strcat` to copy attacker-controlled POST request data to a 0x200-byte stack buffer when the User-Agent string is set to "Edge".
Get it here: NA Region
DIR-882-US
Please follow the FW Update Process to ensure a good FW upgrade is performed.
Let us know how it works for you...
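
The bug class named in the report (an unchecked `strcat` into a 0x200-byte stack buffer) and a length-checked alternative, as an added example that is not D-Link's firmware code. The names `bounded_append` and `handle_post` and the `body=` prefix are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HNAP_BUF_SIZE 0x200   /* stack buffer size stated in the report */

/* Unsafe pattern described in the report, kept as a comment only:
 *     char buf[HNAP_BUF_SIZE];
 *     strcat(buf, post_data);    // request data length never checked
 */

/* Hypothetical helper: append src_len bytes of src to the C string in dst
 * (capacity dst_size). Returns 0 on success, -1 if the input is invalid or
 * the result, including its NUL, would not fit. dst is unchanged on failure. */
int bounded_append(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                    /* dst is not terminated: refuse */
        return -1;
    size_t used = (size_t)(end - dst);
    if (src_len >= dst_size - used)     /* room needed for data plus NUL */
        return -1;
    memcpy(dst + used, src, src_len);
    dst[used + src_len] = '\0';
    return 0;
}

/* Hypothetical handler: joins a constructed prefix and the POST body in a
 * 0x200-byte stack buffer, rejecting oversized bodies instead of overflowing. */
int handle_post(const char *body, size_t body_len, char *out, size_t out_size)
{
    char buf[HNAP_BUF_SIZE] = "";
    if (bounded_append(buf, sizeof buf, "body=", 5) != 0) return -1;
    if (bounded_append(buf, sizeof buf, body, body_len) != 0) return -1;
    size_t n = strlen(buf);
    if (n >= out_size) return -1;
    memcpy(out, buf, n + 1);            /* length checked above */
    return 0;
}

int main(void)
{
    char out[HNAP_BUF_SIZE], big[0x400];
    memset(big, 'A', sizeof big);       /* constructed oversized body */
    printf("small body: %d\n", handle_post("hello", 5, out, sizeof out));
    printf("oversized body: %d\n", handle_post(big, sizeof big, out, sizeof out));
    return 0;
}
```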