An issue which affected D-Link’s routers is in the process of being patched, says the company.
It emerged last week that D-Link’s DIR-890L router suffers from a bug in its implementation of Home Network Administration Protocol that allowed authorisation to be bypassed. To make matters worse, according to analysis of the underlying code, a fix that purportedly resolved the issue may have left it dangling just as wide open.
D-Link has issued an official statement on the issue stating that it “is deeply apologetic to any users affected by this issue”.
D-Link has identified 17 different products that may be affected by the HNAP bug, stating that it is in the process of developing firmware updates to fix each and every one. A patch for the DIR-890L is already available, as is the DIR-880L. On the 21/4, D-Link expects to have firmware ready for the DIR-816L(A1), DIR-817LW(B1) and DIR-818LW(A1), while the 24th should see the remaining products — the DAP-1522(B1), DIR-860L(B1), DIR-629(A1), DIR-815(B1), DIR-860L(A1), DIR-865L(A1), DIR-868L(A1), DIR-820LW(B1), DIR-850L(A1), DIR-850L(B1), DIR-300(B1) and DIR-600(B1) — all patched.
In the meantime, D-Link’s recommendation is that “affected users are heavily encouraged to change their administrator passwords immediately to a strong password which includes a mix of numbers, letters, and symbols, as a further preventative measure against malicious network intrusions”.