Overview
Several of D-Link's wireless routers contain a buffer overflow and command injection vulnerability involving UPnP/HNAP. This vulnerability has been identified and reported to D-Link by a security researcher.
References
Samuel Huntley - Contact : Link
Description
Several D-Link routers suffer from a buffer overflow vulnerability involving UPnP.
This attack requires having access to the LAN of the router or the assistance of a local user. Cross-Site Request Forgery may allow a remote attacker to take advantage of an unsuspecting victim.
D-Link recommends the use of strong wireless keys to help prevent unauthorized users on your network.
Affected Product
| Model Name | HW Version | Vulnerable FW Versions | Current FW Versions (include fixes) |
|---|---|---|---|
| DIR-601 | B1 | | Under Investigation (Updated: 07/17/2015) |
| DIR-645 | A1 | v. 1.05b01 and older | FW ETA 07/31/2015; FW: 1.06B01; Release Notes: Link (Updated: 07/17/2015) |
| DIR-815 | B1 | v. 2.04b01 and older | FW ETA 07/31/2015; FW: 2.05B01; Release Notes: Link (Updated: 07/17/2015) |
| DIR-817LW | A1 | v. 1.06b04 and older | FW: 1.04b02; Release Notes: Link (Updated: 07/17/2015) |
| DIR-818LW | B1 | v. 1.04FBb01 and older | FW: 2.05b03; Release Notes: Link (Updated: 07/17/2015) |
| DIR-825 | C1 | | Under Investigation (Updated: 07/17/2015) |
| DIR-880L | A1 | v. 1.04WWb01 and older | FW: 1.05wwb01_f73b; Release Notes: Link (Updated: 07/17/2015) |
| DIR-880L | A1 | 1.04FBb01 and older | FW: 1.05fbb01_f76i; Release Notes: Link (Updated: 07/17/2015) |
| DIR-890L | A1 | 1.06b04 and older | FW: 1.07B011; Release Notes: Link (Updated: 07/17/2015) |
Security patch for your D-Link Devices
These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.
As our products come in different hardware revisions, please check the revision of your device before downloading the corresponding firmware update. The hardware revision can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can be found in the device's web configuration.