D-Link has released firmware updates and mitigation guidance addressing the recently disclosed “AirSnitch” Wi-Fi attacks, which can bypass client isolation protections under certain conditions without breaking encryption itself.
The disclosure follows public research presented in February 2026, with more details released last week at the Network and Distributed System Security (NDSS) Symposium. The team of researchers demonstrated that weaknesses in how client isolation is implemented across Wi-Fi networks can allow an authenticated attacker to intercept or manipulate traffic, even across separate SSIDs in some configurations.
According to D-Link, the researchers initially reported their findings privately in early January 2026, allowing the vendor to begin assessing product impact ahead of public disclosure. Subsequent testing confirmed that the AirSnitch techniques could be reproduced on D-Link hardware, including the M60 router series, prompting the development of a mitigation in the form of updated firmware.
D-Link is a global networking equipment manufacturer known for producing consumer and small-business routers, switches, and IoT connectivity products. Its devices are widely deployed in home networks and small office environments.
The company’s advisory identifies the issue as a bypass of client isolation and guest network segmentation, rather than a flaw in WPA2/WPA3 authentication or encryption. This distinction aligns with the original research, which showed that AirSnitch exploits inconsistencies between how isolation is enforced at different layers of the network stack, including MAC-layer filtering, IP routing behavior, and internal switching logic.
Fixes and non-fixes
Among affected devices, the D-Link M60 is currently under active mitigation. A beta firmware release, made available on April 5, 2026, introduces changes designed to better isolate guest and internal network clients. D-Link notes that this is a partial fix and that additional updates may follow as broader industry coordination progresses.
In contrast, the DIR-3040 router, explicitly named in the academic research as a tested device, will not receive a security update. The model has reached end-of-life (EOL) and end-of-service (EOS) status, meaning no further firmware development is planned. Users of this device are advised to replace it with a supported model that continues to receive security patches.
The company is working with the Wi-Fi Alliance, chipset manufacturers, and other ecosystem partners to define more robust approaches to enforcing client isolation, suggesting that some aspects of the vulnerability stem from lower-level design and implementation inconsistencies.
For users and administrators, D-Link recommends installing the latest firmware updates as they become available and not relying solely on client isolation as a security boundary. Additional defensive measures include:
- Using strong Wi-Fi passwords and avoiding shared credentials where possible
- Keeping all connected devices updated with the latest security patches
- Favoring end-to-end encrypted applications and services
- Reviewing network segmentation, particularly in environments handling sensitive data
The AirSnitch research highlighted that these attacks require the adversary to already have access to the Wi-Fi network, but in many real-world scenarios, such as public hotspots, enterprise guest networks, and shared residential environments, that requirement is relatively easy to meet.
Leave a Reply