Support Announcements
DIR-850L ::H/W Revision A :: CVE-2018-18907 - WiFi encryption bypass

On August 20, 2018,  D-Link was notified and began investigation with coordination froom NCSC-FI regarding a possible security vulnerability on the DIR-850L hardware revision A, that allows an attacker to bypass WiFi encryption and gain internet access via WiFi.


3rd Party Report information


Author: Tuomo Untinen of Synopsys of Finland

Coordination:  National Cyber Security Centre Finland (NCSC-FI)

Public Disclosure:




We advise to read the Public Disclosure from the author.

The D-Link DIR-850 wlan router will communicate to client that have not completed full a WPA handshake. The client can communicate with the router with IP packets on Data Frames without encryption. An attacker can join the network provided by the affected router without the required credentials, and mount further attacks to the users of the network.


Affected Products and Fixes:


Model Revision Affected FW Fixed FW  Last Updated
DIR-850L All Revision A v1.21B06_Beta and older v1.21B07 11/06/2018



Regarding Security patch for your D-Link Devices
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.