Security Experts:

Connect with us

Hi, what are you looking for?



D-Link Failed to Patch HNAP Flaws in Routers: Researcher

D-Link has failed to properly fix vulnerabilities affecting several router models, according to a researcher. The networking equipment manufacturer says it’s currently working on addressing the issues.

D-Link has failed to properly fix vulnerabilities affecting several router models, according to a researcher. The networking equipment manufacturer says it’s currently working on addressing the issues.

The vulnerabilities, related to the Home Network Administration Protocol (HNAP), were reported earlier this year by Samuel Huntley and Zhang Wei of Qihoo360. The issues identified by Huntley were later independently discovered by Craig Heffner, a vulnerability researcher at Tactical Network Solutions.D-Link DIR890L

According to security advisories published by D-Link, the vulnerabilities found by the researchers affect router models such as DAP-1522, DIR-629, DIR-300, DIR-600, DIR-645, DIR-815, DIR-816L, DIR-850L, and even the new DIR-890L.

The vulnerabilities can be exploited by an unauthenticated attacker for command injection through HNAP requests. A malicious actor could leverage the flaws to gain access to information on hosts connected to the network, change system settings, and reset the device to its factory settings.

HNAP is a protocol used for identifying, configuring and managing network devices. In the case of D-Link devices, HNAP is used by setup utilities for the initial configuration of the router.

D-Link has released firmware updates for some of the affected devices, including DIR-890L. However, after analyzing the patches, Heffner has determined that the issues have not been addressed.

“This patch does nothing to prevent unauthenticated users from executing completely valid administrative HNAP actions, because all it does is ensure that the HNAP action is valid. That’s right, their patch doesn’t even address all the bugs listed in their own security advisory!” Heffner said in a blog post.

D-Link says it’s working on fixing the flaws reported by researchers.

“Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are currently working to provide firmware updates to address these issues,” D-Link told SecurityWeek via email.

The company advises users to keep a close eye on the support news page for any updates.

Last month, researchers reported finding several vulnerabilities in D-Link routers, including DNS hijacking and command injection flaws. D-Link has released firmware updates to address those bugs.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.