First published: Thu Jun 16 2022(Updated: )
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-850l Firmare | <1.21b07 | |
Dlink Dir-850l |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-18907.
The severity of CVE-2018-18907 is high with a CVSS score of 7.5.
The affected software of CVE-2018-18907 is D-Link DIR-850L 1.21WW devices with firmware version 1.21b07.
An attacker can exploit CVE-2018-18907 by sending packets on Data Frames to the AP without encryption, allowing them to obtain full access to the wireless network.
Yes, you can find references for CVE-2018-18907 at the following links: [http://us.dlink.com/security-advisories/](http://us.dlink.com/security-advisories/), [https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10097](https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10097), [https://www.synopsys.com/blogs/software-security/wpa2-encryption-bypass-defensics-fuzzing/](https://www.synopsys.com/blogs/software-security/wpa2-encryption-bypass-defensics-fuzzing/).