Firmware: v1.13 Build 01 Beta 02/20/2020 WW Region!
OverviewOn January 3, 2020, Trend Micro's Zero Day Initiative (ZDI) research team submitted a HNAP Authentication Bypass Vulnerability that is logic flaw in the implementation of the HNAP login algorithm allowing an attacker to bypass authentication and reset the admin password
The DAP-1330 is a LAN-side WiFi-Extender with only access to the LAN (local area network) that it is connected.
3rd Party Report information
- Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI
- Reference :
- CVE-2020-8861
- ZDI-CAN-9554: D-Link DAP-1330 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
- Web digitalmunition :: https://bit.ly/2Vb0Jmc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155Revision Info: ¤
Problems Resolved:-Fix few issues on Chrome/IE browser.-Fix some IPv6 issue.
-Fix HT20/40 consistence issue.
-Fix potential security issue including WPA2 fixed.
-Fix management issue on Web page.
-ZDI-CAN-9554 - HNAP Authentication Implementation (chung96vn - SecurityResearcher of VinCSS (Member of Vingroup) working with Trend Micro ZeroDay Initiative)
Enhancements:
-Support IPv6.
-Support auto channel on Ethernet mode.
-Improve setup process.
-Disable 11d information.
-Improve Firmware upgrade process.
Get it here:
DAP-1330NOTE: Follow the>
FW Update Process
Author
Topic: New - DAP-1330 v1.13B01 BETA - Official Security Release (Read 8080 times)