Support Announcement
DIR-850L :: H/W Revision A :: CVE-2018-18907 - WiFi encryption bypass

On August 20, 2018, D-Link was notified and began an investigation, with coordination from NCSC-FI, regarding a possible security vulnerability on the DIR-850L hardware revision A that allows an attacker to bypass WiFi encryption and gain internet access via WiFi.

 

3rd Party Report information

 

Author: Tuomo Untinen of Synopsys of Finland

Coordination: National Cyber Security Centre Finland (NCSC-FI)

Public Disclosure: https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-026.html

 

Details

 

We advise reading the Public Disclosure from the author.

The D-Link DIR-850 wlan router will communicate with clients that have not completed a full WPA handshake. Such a client can communicate with the router using IP packets in Data Frames without encryption. An attacker can join the network provided by the affected router without the required credentials and mount further attacks against the users of the network.
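
A defender can check a monitor-mode capture for the condition described above: data frames to or from the router that have the Protected Frame bit clear and carry something other than the EAPOL handshake. This is an added example, not code from D-Link or the reporter; it assumes raw 802.11 frames with any radiotap header and FCS already stripped, and the MAC addresses and sample frames are constructed.

```python
import struct

EAPOL = 0x888E                            # 802.1X handshake frames are cleartext by design
LLC_SNAP = bytes.fromhex("aaaa03000000")

def classify(frame: bytes, bssid: bytes):
    """Return (direction, station, ethertype) for a cleartext, non-EAPOL
    data frame exchanged with `bssid`; return None for anything else."""
    if len(frame) < 24:
        return None
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    # Skip non-data frames, null (no-payload) subtypes and encrypted frames
    # (Protected Frame bit 0x40 set).
    if ftype != 2 or subtype & 0x4 or flags & 0x40:
        return None
    to_ds, from_ds = flags & 0x01, flags & 0x02
    addr1, addr2 = frame[4:10], frame[10:16]
    if to_ds and not from_ds and addr1 == bssid:
        direction, station = "client->router", addr2
    elif from_ds and not to_ds and addr2 == bssid:
        direction, station = "router->client", addr1
    else:
        return None
    offset = 24
    if subtype & 0x8:                     # QoS subtypes add a 2-byte QoS Control field,
        offset += 2 + (4 if flags & 0x80 else 0)   # plus HT Control when Order is set
    body = frame[offset:]
    if len(body) < 8 or body[:6] != LLC_SNAP:
        return None
    (ethertype,) = struct.unpack("!H", body[6:8])
    return None if ethertype == EAPOL else (direction, station.hex(":"), ethertype)

def scan(frames, bssid):
    return [hit for f in frames if (hit := classify(f, bssid))]

def build(subtype, flags, a1, a2, a3, ethertype):   # constructed sample frames only
    hdr = bytes([(subtype << 4) | 0x08, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"
    qos = b"\x00\x00" if subtype & 0x8 else b""
    return hdr + qos + LLC_SNAP + struct.pack("!H", ethertype) + b"\x00" * 20

AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
SAMPLE = [
    build(0, 0x01, AP, STA, AP, EAPOL),     # handshake frame: expected cleartext
    build(8, 0x41, AP, STA, AP, 0x0800),    # Protected bit set: normal WPA traffic
    build(0, 0x01, AP, STA, AP, 0x0800),    # cleartext IPv4 from client: finding
    build(8, 0x02, STA, AP, AP, 0x0800),    # router answers in cleartext: finding
]
```

On a WPA network running fixed firmware, `scan` over real traffic should return nothing; a `router->client` hit is the stronger indicator, since it shows the router answering a station in cleartext.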

 

Affected Products and Fixes:

 

Model    | Revision       | Affected FW             | Fixed FW | Last Updated
DIR-850L | All Revision A | v1.21B06_Beta and older | v1.21B07 | 11/06/2018

 

 

Regarding Security patch for your D-Link Devices
 
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.
 
As there are different hardware revisions of our products, please check the hardware revision of your device before downloading the corresponding firmware update. The hardware revision can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.