Support Announcements
HNAP stack overflow :: DIR-8xx Routers Affected : All Models have Remote Admin Disabled as Default

General :: Updated 12/07/2016 10:00AM PST

 

 D-Link continues to monitor the reported DHS vulnerability warning. Please note the issue is rare and may exist when the “remote administration” feature is turned on. All D-Link routers ship with “remote administration” off as the default setting which prevents the threat of this type of attack from the internet-side of the device.



As part of ongoing efforts to enhance security for our customers, future D-Link products will not include the HNAP protocol stack.
 


In the meantime, recommendations to help secure your wireless network include:

  • During router setup, change the default Wi-Fi security keys and administrator credentials.
  • This decreases risk, as the attack can only be launched from the Internet if the remote administration feature is turned on. Again, by default remote administration is turned off on all D-Link Routers.

 

NOTE:  To ensure your product has the latest security updates and operates at optimal performance, it is recommended you update your product to the latest firmware after installation and to periodically check for new firmware releases. Updates can be found by searching your model name at support.dlink.com  or though the mydlink mobile applications for mydlink registered devices. Customers are also notified of firmware updates via the mydlink.com portal.

 

Firmware updates and expected release dates to fix this issue are listed below.

 

Affected Products

 

  Model

HW version

Patched FW Version

Note

DIR-885L

A1

v1.12

Fix available here

DIR-895L

A1

v1.12

Fix available here

DIR-890L

A1

v1.11b01_beta01_g97i

Fix available here

DIR-880L

A1

v1.08WWb04

Fix available here

DIR-868L

A1

v1.12WWb04

Fix available here

DIR-868L

B1

After v2.05b01 beta FW

Fix available here

DIR-869

A1

After v1.03 beta FW

Fix available here

DIR-879

A1

After v1.04 beta FW

Fix available here

DIR-859

A1

After v1.06 beta FW

Fix available here

DIR-822 (Non-US)

A1

  Not Affected
DIR-822 (Non-US)
B1 After v2.03 beta 01
Fix available here
DIR-822-US
Cx After v2.02 WW beta 04 Fix Available Here
DIR-823 (Non-US) A1 After v1.00 beta 05
Fix available here
DIR-818L (Non-US) B1 After v2.05 beta 08 Fix available here