D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-825 => Topic started by: GreenApple on February 02, 2010, 06:04:12 PM
-
Which version of the firmware is "Safe" from the HNAP vulnerability?
I have version A1 of the DIR-825 with the original 1.01 firmware. I have been reading the forums for over six months waiting for a stable firmware that the community agrees on. I understand that there may still be some issues with v1.13 (such as reporting wireless clients) but is this the only version that prevents the HNAP issue? If so, it may be time to upgrade.
Thanks for your help.
-
There is probably a POC out that you can do your own testing with to see for yourself if 1.01 is safe http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf (http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf) I think the captcha addition in 1.10 was attempting to address the HNAP weakness, but even with the captcha it has been proven to be insecure. Firmware 1.13 claims to be secure, but also comes with many bugs. Many who refuse to update from 1.01 for obvious reasons, say the HNAP problem is only LAN side, but you risk visiting a webpage with scripts trying to run LAN side exploiting it and taking over your router remotely. So bugs(1.13)...or risk exploitation(1.0x-1.12)...it may take a long while to get back to the stability that 1.0x firmwares provide, but at least with 1.13 you know it's safe.