D-Link DWR-932 router is chock-full of security holes

The documented D-Link DWR-932 vulnerabilities affect the latest available firmware. Kim first responsibly disclosed them to the D-Link Security Incident Response Team in June, but after the company said early this month that they don’t have a schedule for a firmware release, he decided to go public with the details about some of the flaws.

In short, the firmware sports:

Two backdoor accounts with easy-to-guess passwords that can be used to bypass the HTTP authentication used to manage the router
A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
Multiple vulnerabilities in the HTTP daemon
Hardcoded remote Firmware Over The Air credentials
Lowered security in Universal Plug and Play, and more.

Source: D-Link DWR-932 router is chock-full of security holes – Help Net Security

This was reported in June but still not fixed

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com

Leave a Reply