DIR-880L

../../../_images/DIR-880L.png

Availability

Danger

This model has been Discontinued by D-Link. Consider upgrading to a different model!

Performance

Wireless Performance Explained

Advertised Speed of 5Ghz band

Theoretical 802.11ac speed on 5Ghz band (using 80Mhz channel, 256-QAM, 400 ns GI):

  • 3 spatial streams x 433.3 mbps/stream = 1299.9 mbps

Note

This is classified as a “Mid-Performer” 802.11ac wifi system. If higher performance is needed, consider upgrading to a “Top-Performer”. Read: What’s the fastest 802.11ac (wifi5) wifi system possible?

Security

  • WPA2-Personal (128-bit encryption)
  • WPA2-Enterprise (128-bit encryption)

Firmware Changelog

Does this support automatic firmware updates? To find out. If you have this model, and are running the latest firmware, contact us.

Download the latest firmware from dlink.com

1.20B02_BETA01_icl9 (2018-12-21)

Report:

  • A research report to D-Link has reported multiple routers (DIR-850L A1/B1, DIR-822 C1 and DIR-880L A1) with security vulnerabilities: Authenticated bypass and Authenticated RCE. 3rd Party Researcher: Henry Huang (happyholic1203 at gmail dot com)

Problems Fixed:

  • Authentication bypass
  • Authenticated RCE

1.20B01-01-i3se (2018-06-29)

Problems Resolved:

  • Fix SharePort Plus utility and DLNA access
  • WPA2 Security Patch (KRACK)

1.08B06 (2018-03-01)

Notes:

  • Reported: 01/14/2018
  • Discovered by: Kaixiang Zhang of Qihoo 360 Gear Team

Problems Resolved:

  • CVE-2018-6527. XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php allowing remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi in the following:
  • CVE-2018-6528. XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php allowing remote attackers to read a cookie via a crafted receiver parameter to soap.cgi in the following:
  • CVE-2018-6529. XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php allowing remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi in the following
  • CVE-2018-6530. OS command injection vulnerability in soap.cgi (soapcgi_main incgibin) allowing remote attackers to execute arbitrary OS commands via the service parameter in the following

1.08B04 (2016-11-10)

Security Fix:

1.05B01 (2015-11-20)

Fixed Security vulnerability

1.07.B08 (2016-04-26)

Fixed Security Vulnerability:

Enhancements:

  • Support basic VLAN tagging on WAN (Internet Port) for special Internet access
  • using Static IP, DHCP or PPPoE
  • Improved wireless multicast
  • Improved Edge browser compatibility
  • Supports MAC cloning for PPPoE configuration
  • Support Schedule Reboot
  • Adds HT20/40 Coexistence options for 2.4GHz wireless on management UI
  • Extends the number of rules from 15 to 24. (Static Route IPv4 and v6, Port Forwarding, Firewall IPv4 and v6, Virtual Server, Website Filter)
  • Parental control in Connected Client page can now be manually assigned to unconnected clients

1.05.B02 (2015-09-08)

Problems Resolved:

  • Resolve login UI issue while captcha is enabled
  • Resolve multicast issue

Fixed the following Security Vulnerabilities:

  • HNAP Privilege Escalation
  • Command Injection

Enhancements:

  • Improve Smart Connect Functionality
  • QoS Maximum bandwidth is now configurable

1.02.B13 (2014-11-24)

Problems Resolved:

  • Sync to D-Link SVN server with GUI
  • Update DHCP reservation’s behavior

Enhancements:

  • Update FCC band 1 output power
  • Update mydlink agent