D-Link Addresses Non-Unique Certificates and SSH Private Key Vulnerability

23 September, 2016

Overview

A security issue has been reported regarding the non-unique certificates and SSH private keys used in networking products from multiple vendors. After investigation, D-Link has been working hard to provide updated firmware for the products that are affected.

References

  • https://www.kb.cert.org/vuls/id/566724
  • http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html 

General Recommendations

Immediately update to the latest firmware available for the affected product. For routers, do not enable the remote management function if it is not required.

Affected Products

Firmware updates have already been released for the products below that are available in Europe. All firmware versions later than those stated below are not affected by this vulnerability.

Model Name                  FW Version

DCS-935L H/W vers. A        1.08.06 released February 2016
DIR-810L H/W vers. A1       1.03b01 beta released September 2016
DIR-810L H/W vers. B1       2.04b01_beta released September 2016
DIR-810L H/W vers. C1       3.01b01_beta released September 2016
DIR-818LW H/W vers. A1      1.05 released June 2016
DIR-818LW H/W vers. B1      2.05b03 released June 2016
DIR-850L H/W vers. A1       1.14 released April 2016
DIR-865L H/W vers. A1       1.08 released May 2016
DIR-880L H/W vers. A1       1.05b02 released April 2016
DIR-890L H/W vers. A1       1.11b01 released September 2016
DIR-869 H/W vers. A1        1.02b06 released April 2016
DIR-879 H/W vers. A1        1.03 released March 2016