D-Link Forums

Topic started by: GreenBay42 on November 13, 2019, 11:24:12 AM

Title: DAP-1860 Rev A Firmware 1.04B03 Security Hotfix Released
Post by: GreenBay42 on November 13, 2019, 11:24:12 AM
On September 30, 2019, D-Link became aware of a 3rd-party security researcher who accused the DAP-1860 Hardware Rev. Ax of a command injection security flaw that may lead to an unauthenticated remote code execution (RCE) security vulnerability. The device is deployed LAN-side or in-home and does not require internet services; this does reduce some risk, since a malicious user or attacker would have to be within physical proximity and be able to connect to the DAP-1860 WiFi signal, which has WiFi encryption on by default.

As D-Link investigated and validated the report, and in coordination with the 3rd party, we have released the following Beta Hot-Fix. We recommend always keeping firmware up to date; it can be found at https://support.dlink.com/ProductInfo.aspx?m=DAP-1860

The Beta Hot-Fix has been through the required cyber-security testing and software quality assurance for the specific issue. This release has not been through a complete cycle, nor will it be released as a fully qualified software release.

FIRMWARE - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DAP-1860/REVA/DAP-1860_REVA_FIRMWARE_v1.04B03_HOTFIX.zip

SOURCE - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135