D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-878 => Topic started by: FurryNutz on February 25, 2020, 06:14:40 AM
Firmware: v1.30 B10 Beta 02/21/2020
Revision Info
Overview
On December 23, 2019, Trend Micro's Zero Day Initiative (ZDI) research team submitted two security-related issues: (1) CVE-2020-8863 (ZDI ID: ZDI-CAN-9470), an HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass vulnerability, and (2) CVE-2020-8864 (ZDI ID: ZDI-CAN-9471), an HNAP strncmp Incorrect Comparison Authentication Bypass vulnerability. These vulnerabilities are logic flaws in the implementation of HNAP, allowing a LAN-side attacker to bypass authentication and reset the admin password.
3rd Party Report information
- Report provided by chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI
- Reference:
- CVE-2020-8863: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8863
- ZDI-CAN-9470: D-Link Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
- CVE-2020-8864: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8864
- ZDI-CAN-9471: D-Link Multiple Routers HNAP strncmp Incorrect Comparison Authentication Bypass Vulnerability
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157
Get it here: NA Region
DIR-878 (https://support.dlink.com/productinfo.aspx?m=DIR-878)
Please follow the FW Update Process (http://forums.dlink.com/index.php?topic=42457.0) to ensure a good FW upgrade is performed.
Let us know how it works for you...