D-Link Addresses Non-Unique Certificates and SSH Private Key Vulnerability
23 September 2016
Overview
A security issue has been reported regarding authentication with the non-unique certificates and SSH private keys used in networking products from multiple vendors. After investigation, D-Link has been working hard to provide updated firmware for the affected products.
References
- https://www.kb.cert.org/vuls/id/566724
- http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
General Recommendations
Immediately update to the latest firmware available for the affected product. For routers, do not enable the remote management function if it is not required.
Affected Products
Firmware updates have already been released for the products below that are available in Europe. All firmware versions later than those stated below are not affected by this vulnerability.
Model Name | FW Version |
DCS-935L H/W vers. A | 1.08.06 released February 2016 |
DIR-810L H/W vers. A1 | 1.03b01 beta released September 2016 |
DIR-810L H/W vers. B1 | 2.04b01_beta released September 2016 |
DIR-810L H/W vers. C1 | 3.01b01_beta released September 2016 |
DIR-818LW H/W vers. A1 | 1.05 released June 2016 |
DIR-818LW H/W vers. B1 | 2.05b03 released June 2016 |
DIR-850L H/W vers. A1 | 1.14 released April 2016 |
DIR-865L H/W vers. A1 | 1.08 released May 2016 |
DIR-880L H/W vers. A1 | 1.05b02 released April 2016 |
DIR-890L H/W vers. A1 | 1.11b01 released September 2016 |
DIR-869 H/W vers. A1 | 1.02b06 released April 2016 |
DIR-879 H/W vers. A1 | 1.03 released March 2016 |