• January 18, 2021, 02:20:15 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  


This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DIR-635 HNAP exploit  (Read 5235 times)


  • Level 1 Member
  • *
  • Posts: 1
DIR-635 HNAP exploit
« on: December 29, 2011, 06:53:16 AM »


My DIR-635 rev A1 with fw 1.09W got owned somewhere between 27 Nov and 20 Dec 2011 through the HNAP exploit

At first I was puzzled with how this was done - my router got reseted to factory default and my wifi was opened - since my wifi was secured with WPA it had to got done from the WAN.

After Googling for a known exploit, I found out about the HNAP exploit. I test the exploit myself and I my router was affected. I then refreshed the router Firmware page, in hope to find a new version, fixing this issue. No luck - the latest reported version was 1.09W. Honestly, why bother to have a page to check for new firmwares if it doesn't get accurate information? I knew that DIR-635 was discontinued but since it has an 11 years warranty, I figured I had the legitimate right to ask for a fix.

I didn't need to. Thanks to Google and a few searches I was able to find out that Dlink did in fact release version 1.11W, 1.12W and 1.13W, this last one fixing the HNAP exploit. It was a surprise to see that I missed a few versions despite the fact that I regularly checked for new firmware.

Also, DLINK is doing a very poor job disclosing new versions of the firmware. Most DLink support sites state that 1.09W is the latest firmware for the DIR-635 revA1. Definitely outdated information.  If it wasn't for our friends at Google, the DIR-635 was probably going to be use as a paperweight and Dlink scratched from my list.

DLink can do much better.

Another matter where DLink CAN and MUST do much MUCH better is disclosing what kind of information can be disclosed with this exploit. I had a DynDNS account configured, an SMTP account with authentication configured and WOULD like to be informed if this information was compromised or not.

I didn't have the time to fully test the exploit with HNAP0wn, so, my question is:

What kind of information gets disclosed?




  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49459
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-635 HNAP exploit
« Reply #1 on: December 30, 2011, 12:28:38 PM »

This product has been discontinued as of November 01, 2007 in the US. It may be available in other countries. We recommend that you check your local D-Link website.
Were you able to find the later versions of FW, if so then I would update to the lastest that you can find. This was an isolated insident and was fix however probably was not posted to the US site as they discontinued the product. Anyone needing help after that should call in and ask for the upated FW.

If the product isn't meeting your satisfaction then I would buy something newer as there are other DLink models out there that work well.

Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.