D-Link Forums

D-Link Range Extenders => DAP-1860 => Topic started by: GreenBay42 on November 13, 2019, 11:24:12 AM

Title: DAP-1860 Rev A Firmware 1.04B03 Security Hotfix Released
Post by: GreenBay42 on November 13, 2019, 11:24:12 AM
On September 30, 2019, D-Link became aware of a 3rd Party security researcher that accused the DAP-1860 Hardware Rev. Ax of a command injection security flaw that may lead To unauthenticated remote code execution (RCE) security vulnerability.  The devices is deployed LAN-side or in-home and does not require internet services, this does reduce some risk since a malicious user or attack would have to be with-in physical proximity and be able to connect to the DAP-1860 WiFi signal that has WiFi encryption on as default.

As D-Link investigated, and validated the report, and in coordination with the 3rd Party we have release the following Beta Hot-Fix. We recommend always to keep up-to-date firmware which can be found at https://support.dlink.com/ProductInfo.aspx?m=DAP-1860 (https://support.dlink.com/ProductInfo.aspx?m=DAP-1860)

The Beta Hot-Fix has been through the required cyber-security testing and software quality assurance for the specific issue.  This releases has not been through a complete cycle, nor will it be released as a fully qualified software release.


SOURCE - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135 (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135)