Security Announcement
D-Link Router UPnP Buffer Overflow
Publication ID: SAP10061
Resolved Status: Partial
Published on: 17 July 2015 4:25 GMT
Last updated on: 11 November 2017 1:13 GMT

 Overview

Several of D-Link's wireless routers contain a buffer overflow and command injection vulnerability involving UPnP/HNAP. This vulnerability was identified and reported to D-Link by a security researcher.

 

References

Samuel Huntley - Contact : Link

 
 

Description

Several D-Link routers suffer from a buffer overflow vulnerability involving UPnP.


This attack requires having access to the LAN of the router or the assistance of a local user.  Cross-Site Request Forgery may allow a remote attacker to take advantage of an unsuspecting victim.


D-Link recommends the use of strong wireless keys to help prevent unauthorized users on your network.

 

 

 

Affected Product

 

| Model Name | HW Version | Vulnerable FW Versions | Current FW Versions (include fixes) |
|---|---|---|---|
| DIR-601 | B1 | | Under Investigation (Updated: 07/17/2015) |
| DIR-645 | A1 | v. 1.05b01 and older | FW ETA 07/31/2015; FW: 1.06B01; Release Notes: Link (Updated: 07/17/2015) |
| DIR-815 | B1 | v. 2.04b01 and older | FW ETA 07/31/2015; FW: 2.05B01; Release Notes: Link (Updated: 07/17/2015) |
| DIR-817LW | A1 | v. 1.06b04 and older | FW: 1.04b02; Release Notes: Link (Updated: 07/17/2015) |
| DIR-818LW | B1 | v. 1.04FBb01 and older | FW: 2.05b03; Release Notes: Link (Updated: 07/17/2015) |
| DIR-825 | C1 | | Under Investigation (Updated: 07/17/2015) |
| DIR-880L | A1 | v. 1.04WWb01 and older | FW: 1.05wwb01_f73b; Release Notes: Link (Updated: 07/17/2015) |
| DIR-880L | A1 | 1.04FBb01 and older | FW: 1.05fbb01_f76i; Release Notes: Link (Updated: 07/17/2015) |
| DIR-890L | A1 | 1.06b04 and older | FW: 1.07B011; Release Notes: Link (Updated: 07/17/2015) |

 

 

Security patch for your D-Link Devices

 

These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this announcement continually, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can be found in the device's web configuration.