• August 13, 2020, 01:22:38 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: KRACK Firmware Patch for DAP-1520 security issue  (Read 1241 times)

brunoaduarte

  • Level 1 Member
  • *
  • Posts: 5
KRACK Firmware Patch for DAP-1520 security issue
« on: April 26, 2018, 09:29:03 PM »

The security issue that was fixed on v1.09 (DAP-1520_REVA_FIRMWARE_PATCH_1.09.B01_BETA04) was not included on the latest KRACK patched firmware v1.10 (DAP-1520_REVA_FIRMWARE_PATCH_v1.10B04_BETA).

Code: [Select]
Firmware: v1.09.B01 [BETA04] Hardware: A1 Date: 2016/08/01
 
Note: None
 
Problems Resolved:
 
Fixed Security vulnerability listed below: 
 
 Added the ability to enable/disable PIN WPS - Discovered by: Cedric Conti  - Reported by:  Tommi Všnninen tommi@vanninen.orgi
 
 WPS PIN is disabled by default

That was an important fix, because this device is vulnerable to WPS attacks (Pixie Dust method).

Can you please include it on the release version of 1.10 ?

Thanks
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2511
Re: KRACK Firmware Patch for DAP-1520 security issue
« Reply #1 on: April 27, 2018, 06:47:08 AM »

Newer version firmware almost always has all the fixes/features of all the previous versions (i.e. v1.10 will have 1.09 and all older).

Were you told it does not have the fix?

Logged

brunoaduarte

  • Level 1 Member
  • *
  • Posts: 5
Re: KRACK Firmware Patch for DAP-1520 security issue
« Reply #2 on: April 27, 2018, 07:17:35 AM »

v1.09 has enable/disable WPS pin and PBC on Extended Wifi page, and WPS pin was disabled by default.
on v1.10 the options are gone, and WPS pin is ENABLED by default...



« Last Edit: April 27, 2018, 12:36:03 PM by brunoaduarte »
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2511
Re: KRACK Firmware Patch for DAP-1520 security issue
« Reply #3 on: April 27, 2018, 07:25:55 AM »

Ok I will send this to D-Link techs to investigate. Thanks for the information.

Logged

brunoaduarte

  • Level 1 Member
  • *
  • Posts: 5
Re: KRACK Firmware Patch for DAP-1520 security issue
« Reply #4 on: April 27, 2018, 12:36:35 PM »

Ok thanks, i updated the previous post with images from the configuration page.
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2511
Re: KRACK Firmware Patch for DAP-1520 security issue
« Reply #5 on: April 27, 2018, 01:52:53 PM »

What did you use to scan if the WPS-PIN was enabled?

Make sure you factory reset after updating to 1.10.
Logged

brunoaduarte

  • Level 1 Member
  • *
  • Posts: 5
Re: KRACK Firmware Patch for DAP-1520 security issue
« Reply #6 on: April 27, 2018, 02:57:04 PM »

There's a tool for linux that shows the status of WPS of the scanned router

Here's v1.09 scan



As you can see WPS is LOCKED

Here's v1.10 scan



WPS wide open
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2511
Re: KRACK Firmware Patch for DAP-1520 security issue
« Reply #7 on: April 27, 2018, 03:13:46 PM »

The tech let me know he finished testing. He will send this info to headquarters for the developers. Thanks again for posting this. I will post any new firmware here when released.

« Last Edit: April 27, 2018, 03:29:12 PM by GreenBay42 »
Logged