Front Page: NCSC-FI
Go to Search

Authentication bypass in D-Link DIR-850L

Vulnerability26/2018

It is possible to bypass the WPA authentication of the D-Link DIR-850L wlan router. An attacker can join the network without the required credentials.

The D-Link DIR-850 wlan router will communicate to client that have not completed full a WPA handshake. The client can communicate with the router with IP packets on Data Frames without encryption. An attacker can join the network provided by the affected router without the required credentials, and mount further attacks to the users of the network.

Vulnerability coordination:

The vulnerability was found by Tuomo Untinen of Synopsys Finland. NCSC-FI would like to thank the finder and D-Link for participating in the coordination.

Target

  • Embedded systems

Attack vector

  • Remote
  • No authentication required

Impact

  • Security bypass

Remediation

  • Software update patch

Vulnerable software

D-Link DIR-850L Rev. Ax Firmware v1.21B06 Beta and older

Possible solutions

The has been fixed in Firmware v1.21b07.i9d9 release Sept. 14, 2018, which can be downloaded here:https://support.dlink.com/ProductInfo.aspx?m=DIR-850L (External link)

Contact Information

NCSC-FI Vulnerability Coordination can be contacted as follows:

Email: vulncoord@ficora.fi

Please quote the advisory reference [FICORA #1060226] in the subject line.

Telephone:
+358 295 390 230
Monday - Friday 08:00 – 16:15 (EET: UTC+3)

Post:
Vulnerability Coordination
FICORA / NCSC-FI
P.O. Box 313
FI-00561 Helsinki
FINLAND

NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The PGP key as well as the vulnerability coordination principles of NCSC-FI are available at:

Additional information

Originally published 7.11.2018 time 16:39 Update on 07.11.2018 time 17:31 Added link to D-Link advisory