D-Link router vulnerability detailed

Researchers at Synopsys Software Integrity Research Center are recommending those using the D-Link DIR-850L wireless router immediately update its firmware to patch a vulnerability that could allow an unauthorized person to join the network.

The issue, CVE-2018-18907, is an authentication flaw affecting routers with hardware revision A and firmware version 1.21B06 Beta and older. Essentially, if exploited, an attacker can join the router's network without any credentials. This is possible because the vulnerability allows the attacker to skip the four-way WPA handshake, which is used to establish encryption parameters and validate ownership of the access point's pre-shared key, and proceed directly to unencrypted communications, Synopsys said.

"Once joined to that network, the user would have access to all services, computers, and devices available to any other user on that network," Synopsys said.

The firmware patch can be found here.
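As a monitoring aid for the behaviour described above, the following added example (not code from Synopsys or D-Link) flags stations that send unencrypted, non-handshake data frames to a WPA-protected access point. It assumes raw 802.11 frames captured in monitor mode with any radiotap header already stripped; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

LLC_SNAP = bytes.fromhex("aaaa03000000")
EAPOL = 0x888E  # EtherType of the WPA four-way handshake messages

def classify(frame: bytes, bssid: bytes):
    """Return (station, verdict) for a station-to-AP data frame, else None."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    # Keep only data frames (type 2) with ToDS=1, FromDS=0 addressed to our BSSID.
    if ftype != 2 or (fc1 & 0x03) != 0x01 or frame[4:10] != bssid:
        return None
    if subtype & 0x4:  # Null / QoS Null frames carry no payload
        return None
    station = frame[10:16].hex(":")
    if fc1 & 0x40:  # Protected Frame bit: body is encrypted
        return station, "protected"
    qos = bool(subtype & 0x8)
    hdr = 24 + (2 if qos else 0) + (4 if qos and fc1 & 0x80 else 0)
    body = frame[hdr:hdr + 8]
    if body[:6] == LLC_SNAP and body[6:8] == struct.pack(">H", EAPOL):
        return station, "eapol"  # handshake traffic is legitimately unencrypted
    return station, "cleartext"

def cleartext_stations(frames, bssid):
    """Stations that sent unencrypted, non-EAPOL data to a WPA-protected BSSID."""
    hits = {r[0] for r in (classify(f, bssid) for f in frames) if r and r[1] == "cleartext"}
    return sorted(hits)

def make_frame(sta, bssid, ethertype, protected=False, qos=True):
    """Build a constructed sample frame (payload bytes are placeholders)."""
    fc = bytes([0x88 if qos else 0x08, 0x01 | (0x40 if protected else 0)])
    hdr = fc + b"\x00\x00" + bssid + sta + bssid + b"\x00\x00" + (b"\x00\x00" if qos else b"")
    return hdr + LLC_SNAP + struct.pack(">H", ethertype) + b"\x00" * 8

# Constructed sample data: locally administered MAC addresses, not from a real capture.
BSSID = bytes.fromhex("0200000000aa")
STA_OK, STA_BAD = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [
    make_frame(STA_OK, BSSID, EAPOL),                    # handshake message
    make_frame(STA_OK, BSSID, 0x0800, protected=True),   # encrypted data
    make_frame(STA_BAD, BSSID, 0x0800),                  # IPv4 with no encryption
    make_frame(STA_BAD, BSSID, 0x0806, qos=False),       # ARP with no encryption
]

if __name__ == "__main__":
    print(cleartext_stations(SAMPLE, BSSID))
```

On a WPA-protected network, the only unprotected data frames a station should send to the access point are the handshake's EAPOL messages, so any station this reports warrants investigation.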
