Support Announcements
DIR-822 :: H/W Rev. Bx :: (Korean) FW v.202KRb06 :: LAN-Side HNAP Buffer Overflow vulnerability



 On April 16, 2020, a 3rd party accused the DIR-822 Rev. Bx with Korean compliant firmware v.202KRb06 and older of a buffer overflow security vulnerability.

The vulnerability was confirmed, and a patch was issued to close the reported vulnerability. Please find the beta/hotfix release below.


 3rd Party Report information

Mingeun Kim :: pr0v3rbs _at_ kaist _dot_ ac _dot_ kr


         Report provided 


         - In the /HNAP1/SetClientInfo message in HNAP protocol.

         - The address element can make buffer overflow while executing 'udhcpd' command.


Affected Models


This report and fix are for DIR-822 sold in the Korean region and is not reported on any US available models.


Model Hardware Revision Affected FW Fixed FW Recommendation  Last Updated
DIR-822 All Bx Hardware Revisions .(non-US) v202KRb06 and Older
 vv2.02B07 K4N9 KR Beta Please Download and Update Device 05/27/2020



Regarding Security patch for your D-Link Devices


Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend all users to install the relevant updates.


Please note that this is a device beta software, beta firmware, or hotfix release, which is still undergoing final testing before its official release. The beta software, beta firmware, or hotfix is provided on an "as is" and "as available" basis, and the user assumes all risk and liability for use thereof. D-Link does not offer any warranties, whether express or implied, as to the suitability or usability of the beta firmware. D-Link will not be liable for any loss, whether such loss is direct, indirect, special or consequential, suffered by any party due to their use of the beta firmware.


As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.