D-Link Forums
D-Link Range Extenders => DAP-1330 => Topic started by: FurryNutz on February 24, 2020, 12:56:24 PM
-
Firmware: v1.13 Build 01 Beta 02/20/2020 WW Region!
Overview
On January 3, 2020, Trend Micro's Zero Day Initiative (ZDI) research team submitted a HNAP Authentication Bypass Vulnerability that is logic flaw in the implementation of the HNAP login algorithm allowing an attacker to bypass authentication and reset the admin password
The DAP-1330 is a LAN-side WiFi-Extender with only access to the LAN (local area network) that it is connected.
3rd Party Report information
- Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI
- Reference :
- CVE-2020-8861
- ZDI-CAN-9554: D-Link DAP-1330 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
- Web digitalmunition :: https://bit.ly/2Vb0Jmc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155 (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155)
Revision Info:
¤Problems Resolved:
-Fix few issues on Chrome/IE browser.-Fix some IPv6 issue.
-Fix HT20/40 consistence issue.
-Fix potential security issue including WPA2 fixed.
-Fix management issue on Web page.
-ZDI-CAN-9554 - HNAP Authentication Implementation (chung96vn - SecurityResearcher of VinCSS (Member of Vingroup) working with Trend Micro ZeroDay Initiative)
Enhancements:
-Support IPv6.
-Support auto channel on Ethernet mode.
-Improve setup process.
-Disable 11d information.
-Improve Firmware upgrade process.
Get it here:
DAP-1330 (https://support.dlink.com/ProductInfo.aspx?m=DAP-1330)
NOTE: Follow the>FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)