Posted on Tuesday, January 19 2010 @ 15:31 CET by Thomas De Maesschalck
D-Link has issued firmware upgrades for some of its routers, the update resolves a vulnerability that could allow hackers to change the device's administrative settings.
According to a Jan. 9 blog post from SourceSec Security Research, some D-Link routers have an insecure implementation of the Home Network Administration Protocol (HNAP), which could allow an unauthorized person to change a router's settings.
SourceSec published a proof-of-concept software tool called HNAP0wn that would enable the hack -- a move that D-Link criticized.
The company says the following models are affected:
DIR-855 (version A2)
DIR-655 (versions A1 to A4)
DIR-635 (version B)
DIR-615 (versions B1, B2 and B3)
DIR-635 (version A)
DI-634M (version B1)