D-Link Wireless Router Vulnerability

Never update the firmware of a wireless router over a wireless connection - always connect a network cable between the computer and the router and update the firmware over that link. The D-Link page to download firmware updates is here.

Aaron Portnoy and Keefe Johnson has reported a vulnerability in D-Link Wireless Access Point, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the handling of fragmented UDP packets. This may be exploited to cause the device to terminate connections or reboot via certain specially crafted UDP packets.

The vulnerability has been reported in the following products:

D-Link DI-524 Wireless Router (firmware version 3.20 August 18, 2005).
D-Link DI-624 Wireless Router.
D-Link DI-784.

Solution: The vulnerability has reportedly been fixed in the latest firmware.

[Continue reading Secunia Advisory SA18833]

[tags]wireless,security,upgrade,vulnerability,remote,router,d-link,dos,firmware,denial of service,weakness,udate,di-524,di-624,di-784,sa18833[/tags]