This was fixed by updating the firmware to version 1.09 B04. This issue did not affect the majority of users. It is important to keep your DIR-816A2 on firmware version 1.09 B04 or later due to this potential vulnerability. The latest version can be downloaded here. As a precaution, it is recommended to change your password frequently, especially if you use the same password across multiple services. A patch has been released by D-Link to fix this vulnerability.

Now updated with the latest firmware version 1.09 B04, the D-Link DIR-816 A2 1.10 B05 router has been found to be vulnerable to an information disclosure. This is because the router’s web interface does not validate X.509 certificates. An unprivileged attacker can exploit this to view sensitive information on the device. The information disclosed includes the web server’s MAC address, the router’s timestamp, and the web server’s version information. This issue was discovered by security researcher Piotr Bania of mSIGnal.

Install the DIR-816 A2 1.10 B05 from the "Firmware" tab on your device’s web interface. This is available for download at https://support.dlink.com/en/product/DIR-816A2?os=Windows&version=FW110B05

This vulnerability can be fixed by updating your D-Link DIR-816 A2 to firmware version 1.09 B04 or later, and also installing the latest software update for the router. This update resolves the issue by invalidating all X.509 certificates issued by D-Link.
The latest version of the firmware for this router can be downloaded here: https://www.dropbox.com/s/h9k0u6v2jlddgkn/DIR-816A2_V1_09B04_00_02_x64%20UPDATES%20and%20FIRMWARE%201.rar?dl=0
The latest software update for this router can be downloaded here: https://www.dropbox.com/s/mwllmz5vnhcgafo/DIR-816A2_V1_09B04_00_02%20UPDATES%20and%20FIRMWARE%201.rar?dl=0

Timeline

Published on: 10/26/2022 19:15:00 UTC
Last modified on: 10/28/2022 14:42:00 UTC

References