Patch your D-Link Router

Handruin

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,920
Location
USA
I checked my router last night and it said no new firmware available. I went to dlink's website and there were three newer versions. I took the latest, but even then it was late last year. Maybe they still haven't released a fix for it yet?

Thanks for pointing this out.
 
Handruin

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,920
Location
USA
I read through the comments and it seems other people also cannot find it. It looks to be available on their foreign website of dlink.de if you read the last comment.
 
F

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
It got the Feds attention. This was in my daily DHS Cyber Report email:
DHS Daily Cyber Report 20 January 2010 said:
BOFH-making bug plugged in D-link update: D-Link has plugged a security vulnerability involving protocol handling by some of its wireless routers that creates a potential means for normal users to grab super-user privileges. The network manufacturer issued a firmware update that addresses a recently discovered bug in how its networking devices handle the Home Network Administration Protocol (HNAP). The flaw meant that the devices offered a shadow connection outside of the regular administrative access channel. This permanent unauthorised connection might be exploited by miscreants to assume admin privileges and change router settings, and might also be used to bypass CAPTCHA login features introduced by D-Link in recent firmware upgrades. Successful exploitation requires valid login credentials, so the flaw is a privilege elevation risk rather than something more serious. [Date: 20 January 2010; Source: http://www.theregister.co.uk/2010/01/20/d_link_security_update/]
Click to expand...
 
You must log in or register to reply here.
Top