In association with heise online

19 January 2010, 16:24

D-Link closes security hole in some of its routers - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to a statement by D-Link, firmware updates for its DIR-635 (HW-Revision B), DIR-655 (HW-Revision A1-A4) and DIR-855 (HW-Revision A2) router models are now available to download to close the recently discovered hole in the Home Network Administration Protocol (HNAP) of these devices.

D-Link say they have also discovered issues with the discontinued DIR-615 (HW-Revision B1-B3), DI-634M (HW-Revision B1) and DIR-635 (HW-Revision A) models. A firmware update for the DIR-615 has been released, with updates for the DI-653-M and DIR-635 to follow in the coming weeks.

The updated firmware is available from currently and will be available on the site within the next few days.

Last week, the SourceSec website reported that, aside from offering regular administrator access, the DI-524, DIR-628, DIR-655 and potentially further D-Link router models have a permanent HNAP connection which can be exploited by attackers.

According to a statement (german language link) from D-Link Germany, the router models DI-304, DI-524, DI-604, DI-624, DI-724GU, DI-804HV, DIR-100, DIR-300, DIR-301, DIR-320, DIR-600, DIR-615, DIR-685, DIR-825, DSL-2543B, DSL-2641B, DSL-2740B, DSL-2741B, DVA-G3342SD and DVA-G3342SB are not affected because they either don't use HNAP or testing showed this protocol wasn't accessible.

Update - Firmware updates for the DIR-615, DIR-635, DIR-655 and DIR-855 routers are now available from the UK D-Link site.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit