D‑Link Addresses Non‑Unique Certificates and SSH Private Key Vulnerability

23 septiembre, 2016

Overview

It has been reported that a security issue regarding the authentication of the non-unique certificated and SSH private keys used in networking product from multiple vendors. After investigation, D-Link has been working hard to provide updated firmwares for products that are affected.

References

  • https://www.kb.cert.org/vuls/id/566724
  • http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html 

General Recommendations

Immediately update to latest firmware available for affected product. For routers, not to open the remote management function if it is not required.

Affected Products

Firmware updates has already been released for the below products that are available in Europe. All firmware versions later than the below stated are not affected by this vulnerability.

Model Name

FW Version 

DCS-935L H/W vers. A 1.08.06 released February 2016
DIR-810L H/W vers. A1 1.03b01 beta released September 2016 
DIR-810L H/W vers. B1 2.04b01_beta released September 2016
DIR-810L H/W vers. C1  3.01b01_beta released September 2016
DIR-818LW H/W vers. A1 1.05 released June 2016
DIR-818LW H/W vers. B1 2.05b03 released June 2016
DIR-850L H/W vers. A1 1.14 released April 2016
DIR-865L H/W vers. A1 1.08 released May 2016
DIR-880L H/W vers. A1 1.05b02 released April 2016 
DIR-890L H/W vers. A1 1.11b01 released September 2016 
DIR-869 H/W vers. A1  1.02b06 released April 2016 
DIR-879 H/W vers. A1 1.03 released March 2016