DIR-850L Rev. Ax & Bx :: Multiple Security Vulnerability Report
On September 8th, 2017, a news article reported zero-day flaws in D-Link DIR-850L routers.
D-Link immediately began investigating the issues and working on solutions to resolve them.
A firmware update is now available.
This update requires a two-step process to upgrade to the latest firmware and apply the security patches.
Check the bottom label of your DIR-850L for the H/W Revision, then follow the set of steps below that matches it.
To perform the update successfully, you will need a PC/Mac with a browser, connected to the Internet through the DIR-850L.
For HW Rev. Ax (x is a number), please download the following file:
DIR-850L_REVA_FIRMWARE_PATCH_v1.20B03.zip
- Unzip the downloaded file
- Open the unzipped folder
- Open DIR-850L_REVA_INSTRUCTIONS_v1.20B03.pdf and follow the instructions
For HW Rev. Bx (x is a number), please download the following file:
DIR-850L_REVB_FIRMWARE_PATCH_v2.20B03.zip
- Unzip the downloaded file
- Open the unzipped folder
- Open DIR-850L_REVB_INSTRUCTIONS_v2.20B03.pdf and follow the instructions
Problems Resolved:
- Firmware Protection
- WAN && LAN - XSS exploit (CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416)
- WAN - Weak Cloud protocol (CVE-2017-14419, CVE-2017-14420)
- WAN && LAN - Stunnel private keys (CVE-2017-14422)
- WAN && LAN - Nonce brute forcing for DNS configuration (CVE-2017-14423)
- Local - Weak file permissions and credentials stored in clear text (CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428)
- LAN - DoS attack against some daemons (CVE-2017-14430)