CVE-2018-18907

Name of the Vulnerable Software and Affected Versions D-Link DIR-850L version 1.21WW

Description An issue was discovered where a partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. The vulnerability is related to an incorrectly implemented authentication mechanism in the WPA algorithm of the D-Link DIR-850L firmware. Exploitation of the vulnerability may allow an attacker to bypass security restrictions by sending specially crafted packets.

Recommendations For D-Link DIR-850L version 1.21WW, consider disabling WPA authentication temporarily until a patch is available. Restrict access to the wireless network to minimize the risk of exploitation. Avoid using unencrypted Data Frames in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.