D-Link router vulnerability detailed

News by Doug Olenick

Researchers at Synopsys Software Integrity Research Center are recommending those using the D-Link DIR-850L wireless router immediately update its firmware to patch a vulnerability that could allow an unauthorised person to join the network.

The issue, CVE-2018-18907, is an authentication flaw affecting routers with hardware revision A and firmware version 1.21B06 Beta and older. Essentially, if the flaw is exploited, an attacker can join the router's network without any credentials. This is possible because the vulnerability allows the attacker to skip the four-way WPA handshake, which is used to establish encryption parameters and validate ownership of the access point's pre-shared key, and proceed directly to unencrypted communications, Synopsys said.

"Once joined to that network, the user would have access to all services, computers, and devices available to any other user on that network," Synopsys said.
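For defenders monitoring an affected network, the behaviour described above has a visible signature: a station that associates and then exchanges data frames with the 802.11 Protected Frame bit unset, without a complete four-message EAPOL-Key exchange. The following detection sketch is an added example, not code from Synopsys or D-Link; the record format, field names and MAC addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: simplified per-frame records such as a monitor-mode
# capture parser might emit. Field names and addresses are assumptions.
A, B, C = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
FRAMES = [
    {"sta": A, "type": "assoc"},
    {"sta": A, "type": "eapol_key", "msg": 1},
    {"sta": A, "type": "eapol_key", "msg": 2},
    {"sta": A, "type": "eapol_key", "msg": 3},
    {"sta": A, "type": "eapol_key", "msg": 4},
    {"sta": A, "type": "data", "protected": True},   # normal WPA client
    {"sta": B, "type": "assoc"},
    {"sta": B, "type": "data", "protected": False},  # no handshake at all
    {"sta": C, "type": "assoc"},
    {"sta": C, "type": "eapol_key", "msg": 1},
    {"sta": C, "type": "eapol_key", "msg": 2},
    {"sta": C, "type": "data", "protected": False},  # handshake abandoned
]

FULL_HANDSHAKE = {1, 2, 3, 4}


def find_handshake_bypass(frames):
    """Return {station: missing EAPOL-Key message numbers} for every station
    that sent or received an unprotected data frame on a WPA network."""
    seen = defaultdict(set)   # EAPOL-Key messages seen since last association
    alerts = {}
    for f in frames:
        sta = f["sta"]
        if f["type"] == "assoc":
            seen[sta] = set()             # a new association resets state
        elif f["type"] == "eapol_key":
            seen[sta].add(f["msg"])
        elif f["type"] == "data" and not f["protected"]:
            # "protected" mirrors the Protected Frame bit in Frame Control.
            # EAPOL frames are typed separately above, so any cleartext
            # data frame here is traffic that bypassed WPA encryption.
            alerts.setdefault(sta, sorted(FULL_HANDSHAKE - seen[sta]))
    return alerts


if __name__ == "__main__":
    for sta, missing in find_handshake_bypass(FRAMES).items():
        print(f"ALERT {sta}: cleartext data, missing EAPOL-Key msgs {missing}")
```

A station that completed the handshake and still exchanges cleartext data is also reported, with an empty list of missing messages.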

The firmware patch can be found here.

This article was originally published on SC Media US.
