D-Link Forums

D-Link Range Extenders => DAP-1330 => Topic started by: FurryNutz on February 24, 2020, 12:56:24 PM

Title: New - DAP-1330 v1.13B01 BETA - Official Security Release
Post by: FurryNutz on February 24, 2020, 12:56:24 PM

Firmware:   v1.13 Build 01 Beta   02/20/2020 WW Region!

Overview

On January 3, 2020, Trend Micro's Zero Day Initiative (ZDI) research team submitted a HNAP Authentication Bypass Vulnerability that is  logic flaw in the implementation of the HNAP login algorithm allowing an attacker to bypass authentication and reset the admin password

The DAP-1330 is a LAN-side WiFi-Extender with only access to the LAN (local area network) that it is connected.

3rd Party Report information
          - Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI

          - Reference :

            - CVE-2020-8861

            - ZDI-CAN-9554: D-Link DAP-1330 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

            - Web digitalmunition :: https://bit.ly/2Vb0Jmc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155 (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155)

Revision Info:   
¤Problems Resolved:
-Fix few issues on Chrome/IE browser.-Fix some IPv6 issue.
-Fix HT20/40 consistence issue.
-Fix potential security issue including WPA2 fixed.
-Fix management issue on Web page.
-ZDI-CAN-9554 - HNAP Authentication Implementation (chung96vn - SecurityResearcher of VinCSS (Member of Vingroup) working with Trend Micro ZeroDay Initiative)

Enhancements:
-Support IPv6.
-Support auto channel on Ethernet mode.
-Improve setup process.
-Disable 11d information.
-Improve Firmware upgrade process.

Get it here:
DAP-1330 (https://support.dlink.com/ProductInfo.aspx?m=DAP-1330)

NOTE: Follow the>FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)