D-Link closes security hole in some of its routers - Update
According to a statement by D-Link, firmware updates for its DIR-635 (HW-Revision B), DIR-655 (HW-Revision A1-A4) and DIR-855 (HW-Revision A2) router models are now available to download to close the recently discovered hole in the Home Network Administration Protocol (HNAP) of these devices.
D-Link say they have also discovered issues with the discontinued DIR-615 (HW-Revision B1-B3), DI-634M (HW-Revision B1) and DIR-635 (HW-Revision A) models. A firmware update for the DIR-615 has been released, with updates for the DI-653-M and DIR-635 to follow in the coming weeks.
Last week, the SourceSec website reported that, aside from offering regular administrator access, the DI-524, DIR-628, DIR-655 and potentially further D-Link router models have a permanent HNAP connection which can be exploited by attackers.
According to a statement (german language link) from D-Link Germany, the router models DI-304, DI-524, DI-604, DI-624, DI-724GU, DI-804HV, DIR-100, DIR-300, DIR-301, DIR-320, DIR-600, DIR-615, DIR-685, DIR-825, DSL-2543B, DSL-2641B, DSL-2740B, DSL-2741B, DVA-G3342SD and DVA-G3342SB are not affected because they either don't use HNAP or testing showed this protocol wasn't accessible.