D-Link Forums
D-Link Wireless Routers for Home and Small Business => DIR-882 => Topic started by: FurryNutz on April 14, 2021, 06:52:15 PM
-
Firmware: v1.30 B06 Beta 01 04/08/2021
Revision Info
Overview
On October 2, 2020, a 3rd party security researcher from Trend Micro, the Zero Day Initiative (ZDI) submitted a report accusing the DIR-882 using firmware v1.30B06 of a LAN-side Stack-based Buffer Overflow (RCE) exploit. The Vulnerability is under investigation, if the vulnerability confirmed, a patch will be issued to close the reported issue.
3rd Party Report information
- Report provided: Trend Micro, the Zero Day Initiative (ZDI :: zdi-disclosures _at_ trendmicro _dot_ com
- Reference : To Be Post upon author's public disclosure
- The attack is affective on LAN-side of device only, since HNAP is a LAN-side protocol which is not exposed to the internet, An unauthenticated stack buffer overflow in the HNAP service due to the use of `strcat` to copy attacker-controlled POST request data to a 0x200-byte stack buffer when the User-Agent string is set to "Edge".
Get it here: NA Region
DIR-882-US (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10215)
Please follow the> FW Update Process (http://forums.dlink.com/index.php?topic=42457.0) to ensure a good FW upgrade is performed.
Let us know how it works for you...