• November 30, 2020, 09:45:39 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DIR-867-US Firmware v1.20 Build 10 Beta - Security Patch Released  (Read 2251 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49373
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Firmware: v1.20 B10 Beta   02/21/2020
Revision Info
Overview

On December 23, 2019, Trend Micro's Zero Day Initiative (ZDI) research team submitted two security-related issues (1) CVE-2020-8863 (ZDI ID: ZDI-CAN-9470) an HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass vulnerability and (2) CVE-2020-8864 (ZDI ID: ZDI-CAN-9471) an HNAP strncmp Incorrect Comparison Authentication Bypass vulnerability. These vulnerabilities are  logic flaws in the implementation of the HNAP allowing an LAN-Side attacker to bypass authentication and reset the admin password

3rd Party Report information
          - Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI

          - Reference :

            - CVE-2020-8863 :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8863

               -  ZDI-CAN-9470: D-Link Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

             - CVE-2020-8864 :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8864

                - ZDI-CAN-9471: D-Link Multiple Routers HNAP strncmp Incorrect Comparison Authentication Bypass Vulnerability

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157

Get it here: NA Region
DIR-867-US

Please follow the> FW Update Process to ensure a good FW upgrade is performed.

Let us know how it works for you...


Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.