The Graveyard - Products No Longer Supported > DIR-855

DIR-855 ...Our scan has found your router vulnerable to attacks

(1/1)

rgoodpa1:
So do I need to replace my router?

D-Link  Dir-855

Description
Service is vulnerable to attacks from within your network.
Catalogue ID EDB-ID-15666
Details


Description
________________________________________
Our scan has found your router vulnerable to attacks. That is, the router contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.
Solution
________________________________________
Some of the vulnerabilities are patched in new versions of the device firmware. Therefore, applying the latest firmware update may solve the problem. Routers typically do not perform automatic updates, so the process requires appropriate patches to be manually downloaded and installed on the device. Consult your router's manual for instructions to download the latest firmware and apply it to your router.
Done incorrectly, this can make your router unusable. Therefore we recommend that this procedure is done only by very advanced users or computer technicians


D-Link router authentication bypass vulnerability
________________________________________
Severity: Medium
Reference: EDB-ID-15666
Description:
This vulnerability allows a remote attacker to gain control of several D-Link routers and your Internet connection. If you have Remote/WAN Management enabled on your router, or sufficient permissions when you visit any website that hosts specially crafted script (for example, by clicking the link or through some other mechanism such as redirection from a malicious site), the attacker can remotely utilize an HTTP request to bypass authentication on your router, execute arbitrary code with elevated privileges, and access all important and private data stored in the router -- your router login/password combination, your Wi-Fi password, and your configuration data.
Impact:
Any device connected to your network -- including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network -- may have an increased risk of compromise.
Recommendation:
To overcome this vulnerability, apply the firmware update that addresses the issue or replace the router.
Avast Wi-Fi Inspector supported alerts:
________________________________________
   Your router is infected
   Your wireless network is not secure
   Your wireless network password is weak
   Your router is set to a weak password
   Your router is accessible from the Internet
   Your router is vulnerable to network attacks

FurryNutz:
Link>Welcome!


* What Hardware version is your router? Look at sticker under the router case.
* Link>What Firmware version is currently loaded? Found on the routers web page under status.
* What region are you located?Please confirm that your router model is not the DIR-855L model.

Where are you getting this scan information from?

RYAT3:

--- Quote from: rgoodpa1 on May 10, 2017, 01:55:46 AM ---So do I need to replace my router?

Recommendation:
To overcome this vulnerability, apply the firmware update that addresses the issue or replace the router.


--- End quote ---

What's wrong with upgrading the f/w as recommend?

rgoodpa1:

--- Quote from: FurryNutz on May 10, 2017, 09:18:42 AM ---Link>Welcome!


* What Hardware version is your router? Look at sticker under the router case.
* Link>What Firmware version is currently loaded? Found on the routers web page under status.
* What region are you located?Please confirm that your router model is not the DIR-855L model.

Where are you getting this scan information from?

--- End quote ---

----------------------------------------------
H/W Ver 1.12
Current Firmware Version : 1.12
Current Firmware Date : 2008/10/17
Check Online Now for Latest Firmware Version : (Check Now)
        This firmware is the latest version.
USA east coast

It is DIR-855 model

Avast Premium smart scan

FurryNutz:
Ok, so since this router is about 10 years old, using the on board update checker won't work since D-Link removed it from there update services.
You can manually update though to v1.24:
http://forums.dlink.com/index.php?topic=54744.0

This is the last FW update for the model router.

Please follow this for applying the update:
Link> >FW Update Process

* Was the router working before any firmware updates?

Navigation

[0] Message Index

Go to full version