According to a account by D-Link, firmware updates for its DIR-635 (HW-Revision B), DIR-655 (HW-Revision A1-A4) and DIR-855 (HW-Revision A2) router models are now accessible to download to abutting the recently discovered hole in the Home Network Administration Protocol (HNAP) of these devices.
D-Link say they have also discovered issues with the discontinued DIR-615 (HW-Revision B1-B3), DI-634M (HW-Revision B1) and DIR-635 (HW-Revision A) models. A firmware update for the DIR-615 has been released, with updates for the DI-653-M and DIR-635 to follow in the coming weeks.
The updated firmware is available from www.dlink.de currently and will be available on the www.dlink.co.uk site within the next few days.
Last week, the SourceSec website reported that, aside from offering regular administrator access, the DI-524, DIR-628, DIR-655 and potentially further D-Link router models have a permanent HNAP connection which can be exploited by attackers.
According to a statement (german language link) from D-Link Germany, the router models DI-304, DI-524, DI-604, DI-624, DI-724GU, DI-804HV, DIR-100, DIR-300, DIR-301, DIR-320, DIR-600, DIR-615, DIR-685, DIR-825, DSL-2543B, DSL-2641B, DSL-2740B, DSL-2741B, DVA-G3342SD and DVA-G3342SB are not affected because they either don’t use HNAP or testing showed this protocol wasn’t accessible.
Update – UK D-Link site.updates for the DIR-615, DIR-635, DIR-655 and DIR-855 are now available from the