
New - DIR-882-US Firmware v1.30 Build 06 Beta 01 - Official FW Hotfix Release


FurryNutz:
Firmware: v1.30 B06 Beta 01   04/08/2021
Revision Info
Overview

On October 2, 2020, a 3rd party security researcher from Trend Micro, the Zero Day Initiative (ZDI), submitted a report accusing the DIR-882 using firmware v1.30B06 of a LAN-side Stack-based Buffer Overflow (RCE) exploit. The vulnerability is under investigation; if the vulnerability is confirmed, a patch will be issued to close the reported issue.

3rd Party Report information

          - Report provided: Trend Micro, the Zero Day Initiative (ZDI) :: zdi-disclosures _at_ trendmicro _dot_ com

          - Reference: To be posted upon author's public disclosure

          - The attack is effective on the LAN side of the device only, since HNAP is a LAN-side protocol which is not exposed to the internet. An unauthenticated stack buffer overflow exists in the HNAP service due to the use of `strcat` to copy attacker-controlled POST request data to a 0x200-byte stack buffer when the User-Agent string is set to "Edge".


Get it here: NA Region
DIR-882-US

Please follow the FW Update Process to ensure a good FW upgrade is performed.

Let us know how it works for you...
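
The bug class named in the report text above (an unbounded `strcat` into a 0x200-byte stack buffer), shown beside a length-checked form. This is an added example, not part of the original post and not D-Link's firmware code; the function names, the `body=` prefix and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_BUF_SIZE 0x200  /* stack buffer size given in the report text */

/* Pattern described in the post: strcat() appends request data with no
 * length check, so a long body writes past the end of buf. Not called here. */
int handle_body_unsafe(const char *body, char *out, size_t out_size)
{
    char buf[FIELD_BUF_SIZE] = "body=";   /* hypothetical prefix */
    strcat(buf, body);                    /* no bound on strlen(body) */
    snprintf(out, out_size, "%s", buf);
    return 0;
}

/* Hardened form: take an explicit length, reject anything that does not
 * fit (terminating NUL included), and only then copy. */
int handle_body_safe(const char *body, size_t body_len,
                     char *out, size_t out_size)
{
    char buf[FIELD_BUF_SIZE] = "body=";   /* hypothetical prefix */
    size_t used = strlen(buf);

    if (body == NULL || memchr(body, '\0', body_len) != NULL)
        return -1;                        /* missing or malformed body */
    if (body_len >= sizeof(buf) - used)
        return -1;                        /* would overflow: refuse the request */

    memcpy(buf + used, body, body_len);
    buf[used + body_len] = '\0';
    snprintf(out, out_size, "%s", buf);
    return 0;
}

int main(void)
{
    char out[FIELD_BUF_SIZE];
    char big[0x400];                      /* constructed oversized POST body */
    memset(big, 'A', sizeof(big));

    printf("short: %d\n", handle_body_safe("ok", 2, out, sizeof(out)));
    printf("oversized: %d\n", handle_body_safe(big, sizeof(big), out, sizeof(out)));
    return 0;
}
```

With the 5-byte prefix, the largest body the checked version accepts is 506 bytes; anything longer is refused rather than truncated, so a caller can log and drop the request.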
