The vulnerability of the HNAP protocol implementation in D-Link Wi-Fi router microprogramming products such as DIR-867-US, DIR-878, and DIR-882-US allows attackers to circumvent security restrictions, gain increased privileges, or execute arbitrary code.

The vulnerability of the HNAP protocol implementation in D-Link Wi-Fi router software models such as DIR-867-US, DIR-878, and DIR-882-US lies in the ability to bypass authentication by using an alternative path or channel when processing HTTP requests that include the string “?GetCAPTCHAsetting”...

D-Link DIR-867, DIR-878 and DIR-882 Authentication Bypass Vulnerabilities

The D-Link DIR-878 and D-Link DIR-867 are both a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the HNAP request handling in the DIR-867-US using firmware version 1.20B10 and earlier and the DIR-878 using firmware version 1.20B05 and earlier, which stems from...