DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
June 20, 2019 
Main Menu
News archives

Who's Online
There are currently 190 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

D-Link apologizes for ongoing security issues with its routers

Posted on Tuesday, April 21 2015 @ 13:41:49 CEST by

D-Link issued an apology for the poor security of many of its routers. An ongoing security issue allows attackers to exploit a bug in the Home Network Administration Protocol (HNAP) to bypass authorization and run commands with escalated privileges. D-Link recently issued one patch which didn't work and is now working on a firmware patch for a total of 17 routers.

In a statement on its website, D-Link explains it "is deeply apologetic to any users affected by this issue" and advised users to change their admin password and implement a strong password policy.
The HNAP issue affects DIR-890L (A1), DIR-880L (A1), DIR-868L (A1), DIR-865L (A1), DIR-860L (B1), DIR-860L (A1), DIR-850L (B1), DIR-850L (A1), DIR-820LW (B1), DIR-818LW (A1), DIR-817LW (B1), DIR-816L (A1), DIR-815 (B1), DIR-600 (B1), DIR-300 (B1), DIR-629 (A1), and DAP-1522 (B1). The problem is listed on D-Link's support pages where it is described thusly:

All any attacker needs to do to gain access to the router sends an unprivileged HNAP command such as GetDeviceSettings, they append to the command an additional command separated with an "/", which is used as a separator between commands.

Any command(s) after the first will be executed unauthenticated. Additionally, additional commands will be passed directly to the underlying Linux system, allowing the injection of arbitrary system commands. The GetDeviceSettings HNAP Command is used to indicate some very common parameters (e.g. the domain name of the HNAP device), as well as to define which HNAP commands are available.
Via: FUD Zilla



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba