D-Link Forums
Announcements => Security Advisories => Topic started by: GreenBay42 on April 12, 2018, 07:50:21 AM
-
Please visit http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10081 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10081) for the latest information and product information.
As of April 16, 2018:
On April 9, 2018, D-Link was notified by CERT/CC (https://www.us-cert.gov/) that cloud security solutions provider Akamai (https://www.akamai.com/) had disclosed (report available here (https://www.akamai.com/us/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf)) a large number of devices from many manufacturers are potentially vulnerable to UPnP NAT injection.
The report cited the following D-Link devices may possibly be subject to this vulnerability:
United States (US) Products:
DIR-601 Revision A, B, C, E, I
DIR-615 Revisions A, B
DIR-825 Revision A, B, C
Verizon DSL-2750B :: Sticker on base of Unit Verizon Part # DLDSL2750B Not Affected :: UPnP is disabled on this model
Non-US Products:
DIR-620
DSL-2652BU
DSL-2750B revision E
DSL-2750E
DVG-2102S
DVG-5004S
RG-DLINK-WBR2300
DVG-N5402SP
The reported UPnP vulnerability appears to be an industry-wide issue. While our investigation is still ongoing, users may opt for disabling the UPnP services on the device.