The Graveyard - Products No Longer Supported > DIR-850L

DIR-850L Rev A FW v1.21 Build 07 Official Security Release - All Regions!

(1/1)

FurryNutz:
Firmware:   v1.21 B07   11/06//2018 All Regions!
Revision Info: Rev A Only!   

Problems Resolved:
On August 20, 2018,  D-Link was notified and began investigation with coordination froom NCSC-FI regarding a possible security vulnerability on the DIR-850L hardware revision A, that allows an attacker to bypass WiFi encryption and gain internet access via WiFi.

3rd Party Report information
Author: Tuomo Untinen of Synopsys of Finland

Coordination:  National Cyber Security Centre Finland (NCSC-FI)

Public Disclosure: https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-026.html

Details
We advise to read the Public Disclosure from the author.

The D-Link DIR-850 wlan router will communicate to client that have not completed full a WPA handshake. The client can communicate with the router with IP packets on Data Frames without encryption. An attacker can join the network provided by the affected router without the required credentials, and mount further attacks to the users of the network.

Known Issues:
None

Enhancements:
None

Get it here:
DIR-850L


Please follow the> FW Update Process to ensure a good FW upgrade is performed.

Let us know how it works for you...


FurryNutz:
Build 08 is new and available for Rev A.

v2.33. Build O3 is available for DIR-850L Rev B models.

Problems Resolved:
Report: A research report to D-Link has reported multiple routers (DIR-850L A1/B1, DIR-822 C1 and DIR-880L A1) with security vulnerabilities: Authenticated bypass and Authenticated RCE. 3rd Party Researcher: Henry Huang (happyholic1203 at gmail dot com)
1.Authentication bypass
2.Authenticated RCE


Navigation

[0] Message Index

Go to full version