On September 8th, 2017, a news article reported zero-day flaws with D-Link DIR-850L routers.
D-Link immediately took actions to investigate the issues and endeavors to find the solutions to resolve the issues.
A firmware update is now available.
This update requires a two-step process to upgrade the latest firmware and apply the security patches.
Check the bottom label of your DIR-850L for the H/W Revision and please follow one of the following.
You will require a PC/Mac with a browser connected to internet through DIR-850L to perform the update successfully.
For HW Rev. Ax (x is a number) please download the following files:
DIR-850L_REVA_FIRMWARE_PATCH_v1.20B03.zip
- Please unzip the downloaded file,
- Open unzipped file folder
- Open the DIR-850L_REVA_INSTRUCTIONS_v1.20B03.pdf and follow the instructions
For HW Rev. Bx (x is a number) please download the following files:
DIR-850L_REVB_FIRMWARE_PATCH_v2.20B03.zip
- Please unzip the downloaded file,
- Open unzipped file folder
- Open the DIR-850L_REVB_INSTRUCTIONS_v2.20B03.pdf and follow the instructions
Problems Resolved:
- Firmware Protection
- WAN && LAN - XSS exploit (CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416)
- WAN - Weak Cloud protocol (CVE-2017-14419, CVE-2017-14420)
- WAN && LAN - Stunnel private keys (CVE-2017-14422)
- WAN && LAN - Nonce brute forcing for DNS configuration (CVE-2017-14423)
- Local - Weak files permission and credentials stored in clear text
(CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428)
- LAN – DoS attack against some daemons (CVE-2017-14430)
If you ever run into any issues, we advise that you take advantage of our support program. By visiting support.dlink.com you will be able to access FAQ's, firmware upgrades, and user manuals. In the United States, you can also contact our technical support team by calling 1-877-453-5465 to get upgrade help
D-Link Customer Help
customerhelp@dlink.com