Has anyone seen or tried the firmware fix for th HNAP vulnerability? D-Link has announced such a fix, I've been looking for it but can't find it. I've asked D-Link technical support, but their response was not helpful.
Backgroundhttp://www.pcworld.com/businesscenter/article/186996/dlink_issues_fixes_for_router_vulnerabilities.htmlThe above PC World article, titled
D-Link Issues Fixes for Router Vulnerabilities
describes a vulnerability whereby some D-Link routers (including DIR-615) have an insecure implementation of the Home Network Administration Protocol (HNAP), which could allow an unauthorized person to change a router's settings.
Apparently this vulnerability is easily exploited by an attacker on the local network and is more difficult to exploit (but still possible) from outside the local network. Note that the local network includes the D-Link wireless network, which is publicly accessible.
The article ends with:
D-Link said the models affected are the DIR-855 (version A2), DIR-655 (versions A1 to A4) and DIR-635 (version B). Three discontinued models -- DIR-615 (versions B1, B2 and B3), DIR-635 (version A) and DI-634M (version B1) -- are also affected.
Eric
Author
Topic: HNAP Firmware Update (Read 3706 times)