D-Link has been informed of a vulnerability called BLURtooth that could potentially allow for key overwrite attacks on devices supporting Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD). D-Link has immediately investigated and confirmed that D-Link products are
not affected by this vulnerability.
D-Link’s Bluetooth-supported products use a proprietary encryption mechanism as a security measure. Additionally, the products only use Bluetooth during initial product setup, after which it is closed. Therefore, D-Link confirms that their products are not affected by BLURtooth. As soon as Bluetooth SIG has updates, D-Link will upgrade their products accordingly to ensure the safety and privacy of their products and users.
Please visit
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10193 for more information.