D-Link Range Extenders > DAP-1330

New - DAP-1330 v1.13B01 BETA - Official Security Release

(1/1)

FurryNutz:
Firmware:   v1.13 Build 01 Beta   02/20/2020 WW Region!

Overview

On January 3, 2020, Trend Micro's Zero Day Initiative (ZDI) research team submitted a HNAP Authentication Bypass Vulnerability that is  logic flaw in the implementation of the HNAP login algorithm allowing an attacker to bypass authentication and reset the admin password

The DAP-1330 is a LAN-side WiFi-Extender with only access to the LAN (local area network) that it is connected.

3rd Party Report information
          - Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI

          - Reference :

            - CVE-2020-8861

            - ZDI-CAN-9554: D-Link DAP-1330 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

            - Web digitalmunition :: https://bit.ly/2Vb0Jmc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155

Revision Info:   
¤Problems Resolved:
-Fix few issues on Chrome/IE browser.-Fix some IPv6 issue.
-Fix HT20/40 consistence issue.
-Fix potential security issue including WPA2 fixed.
-Fix management issue on Web page.
-ZDI-CAN-9554 - HNAP Authentication Implementation (chung96vn - SecurityResearcher of VinCSS (Member of Vingroup) working with Trend Micro ZeroDay Initiative)

Enhancements:
-Support IPv6.
-Support auto channel on Ethernet mode.
-Improve setup process.
-Disable 11d information.
-Improve Firmware upgrade process.

Get it here:
DAP-1330

NOTE: Follow the>FW Update Process

Navigation

[0] Message Index