D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-615 => Topic started by: Eric Nepean on January 31, 2010, 08:47:21 AM

Title: HNAP Firmware Update
Post by: Eric Nepean on January 31, 2010, 08:47:21 AM
Has anyone seen or tried the firmware fix for the HNAP vulnerability? D-Link has announced such a fix, I've been looking for it but can't find it. I've asked D-Link technical support, but their response was not helpful.

Background
http://www.pcworld.com/businesscenter/article/186996/dlink_issues_fixes_for_router_vulnerabilities.html

The above PC World article, titled "D-Link Issues Fixes for Router Vulnerabilities", describes a vulnerability whereby some D-Link routers (including DIR-615) have an insecure implementation of the Home Network Administration Protocol (HNAP), which could allow an unauthorized person to change a router's settings.

Apparently this vulnerability is easily exploited by an attacker on the local network and is more difficult to exploit (but still possible) from outside the local network. Note that the local network includes the D-Link wireless network, which is publicly accessible.

The article ends with:
Quote
D-Link said the models affected are the DIR-855 (version A2), DIR-655 (versions A1 to A4) and DIR-635 (version B). Three discontinued models -- DIR-615 (versions B1, B2 and B3), DIR-635 (version A) and DI-634M (version B1) -- are also affected.

Eric