NOTE :
--- Please first upgrade the Router with the transitional firmware, DIR-850L Bx_FW208SGb01
--- And proceed with the DIR-850L Bx_FW210SGb01 firmware upgrade
*Please read the enclosed DIR-850L HW B Firmware upgrade guide .
Problems Resolved:
Fixed the security issues reported by Researcher Pierre Kim on Sep 8th, 2017.
• Firmware Protection
• WAN && LAN - Retrieving admin password, gaining full access using the custom mydlink Cloud protocol (CVE-2017-14417, CVE-2017-14418)
• WAN - Weak Cloud protocol (CVE-2017-14419, CVE-2017-14420)
• LAN - Backdoor access (CVE-2017-14421)
• WAN && LAN - Stunnel private keys (CVE-2017-14422)
• Local - Weak files permission and credentials stored in clear text
(CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428)
• WAN - Pre-Auth RCEs as root (L2)
(CVE-2017-14429)
• LAN - DoS attack against some daemons (CVE-2017-14430)

SUMMARY OF PREVIOUS 0-DAY FLAWS FOUND ON DLINK DIR850L ROUTER (RevA & RevB)

1) Weak or NO protection on Firmware.
2) Weak File permissions are stored in clear text.
3) Cross-site scriting flaws which enables attacker to steal the authentication cookies.
4) Vulnerabilities in MyDLink cloud protocol enables attacker to gain full access to the Router.
5) RevB backdoor access.
6) Hardcoded private keys in the firmware RevA & RevB enables MiTM attcks.
7) DNS Hijack on RevA.
8) Vulnerabilities in RevB enables command injection attacks.
9) DOS flaws in some daemons running in both RevA & RevB can be crashed via LAN.
* If you would like to wait for Telco-specific firmware, suggest you to wait for their own release. The above upgrade & patch has been tested on v2.07TT firmware by my team & it works fine.