Authentication bypass in D-Link DIR-850L
It is possible to bypass the WPA authentication of the D-Link DIR-850L wlan router. An attacker can join the network without the required credentials.
The D-Link DIR-850 wlan router will communicate to client that have not completed full a WPA handshake. The client can communicate with the router with IP packets on Data Frames without encryption. An attacker can join the network provided by the affected router without the required credentials, and mount further attacks to the users of the network.
The vulnerability was found by Tuomo Untinen of Synopsys Finland. NCSC-FI would like to thank the finder and D-Link for participating in the coordination.
- Embedded systems
- No authentication required
- Security bypass
- Software update patch
D-Link DIR-850L Rev. Ax Firmware v1.21B06 Beta and older
The has been fixed in Firmware v1.21b07.i9d9 release Sept. 14, 2018, which can be downloaded here:https://support.dlink.com/ProductInfo.aspx?m=DIR-850L (External link)
NCSC-FI Vulnerability Coordination can be contacted as follows:
Please quote the advisory reference [FICORA #1060226] in the subject line.
+358 295 390 230
Monday - Friday 08:00 – 16:15 (EET: UTC+3)
FICORA / NCSC-FI
P.O. Box 313
NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The PGP key as well as the vulnerability coordination principles of NCSC-FI are available at: