D-Link issues fixes for router vulnerabilities

[Peaches]

My D-Link I believe has been hacked so anyone with a D-Link router should check to be sure their router gets the suggested patch.

D-Link issues fixes for router vulnerabilities

Using a software tool, hackers could get access to a router's administrative interface

By Jeremy Kirk, IDG News Service

January 15, 2010 11:31 AM ET

Router manufacturer D-Link admitted Friday that some of its routers have a vulnerability that could allow hackers access to a device's administrative settings, but it has issued patches. According to a Jan. 9 blog post from SourceSec Security Research, some D-Link routers have an insecure implementation of the Home Network Administration Protocol (HNAP), which could allow an unauthorized person to change a router's settings.

The Top 5 Best Practices for Managing Mobility Within Your Enterprise: View now SourceSec published a proof-of-concept software tool called HNAP0wn that would enable the hack -- a move that D-Link criticized.

"By publicizing their tool and giving specific instructions, the authors of the report have publicly outlined how the security can be breached, which could have had serious repercussions for our customers," D-Link said in a statement.

Related Content

D-Link said it only appeared possible to hack the routers using the software tool and not just with stand-alone code.

D-Link and SourceSec differed over which models were vulnerable. SourceSec wrote that it suspected that all D-Link routers made since 2006 with HNAP support were affected, but they said they had not tested all of them.

D-Link said the models affected are the DIR-855 (version A2), DIR-655 (versions A1 to A4) and DIR-635 (version . Three discontinued models -- DIR-615 (versions B1, B2 and B3), DIR-635 (version A) and DI-634M (version B1) -- are also affected.

The company said new firmware updates are being made available across its Web sites.

http://www.pcworld.c...rabilities.html