CVE-2018-18907
HIGH
D-Link DIR-850L < 1.21b07 - Unauthenticated WPA2 Encryption Bypass via Data Frame Injection
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption.
References (3)
Broken Link x_refsource_misc
http://us.dlink.com/security-advisories/
Third Party Advisory x_refsource_misc
https://www.synopsys.com/blogs/software-security/wpa2-encryption-bypass-defensics-fuzzing/
Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10097
Scores
CVSS v3
7.5
EPSS
0.0020
EPSS Percentile
41.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
dlink/dir-850l_firmare
< 1.21b07
Published
Jun 16, 2022
Tracked Since
Feb 18, 2026