D-Link Forums

Announcements => Security Advisories => Topic started by: FurryNutz on November 20, 2013, 08:56:29 AM

Title: D-Link Products - Security Advisory Information
Post by: FurryNutz on November 20, 2013, 08:56:29 AM
All D-Link product Security Advisories will be located here:
D-Link Security Advisory Information (http://support.dlink.com/SecurityAdvisories.aspx)
D-Link Current UPnP Security Status (http://www.dlink.com/us/en/technology/upnp)

If you have a concern or need immediate help, please contact your regional D-Link support office by phone and inquire with them about your concerns.

Thank you.
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on September 26, 2014, 07:59:19 AM
9/24/2014: A new advisory has been added...
Shell Shock

Doesn't seem to affect Cameras or Routers at this time. D-Link is investigating further on what other products may be.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10044 (http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10044)

Basic Info about Shell Shock:
In order to take advantage of this exploit the hacker has to send a command line to an environment variable using the envoke command. This is easy to do if you have access to an SSH shell but that typically would require username and password knowledge. Cameras and routers don't have SSH access nor BASH shell utilities.

If users are concerned about any of their products being affected by this, please review the information linked to this issue or phone contact your regional D-Link support office immediately. We find that phone contact has better immediate results over using email.

Keep clam and chive on!  :)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on September 30, 2014, 08:00:52 AM
http://support.apple.com/kb/DL1769?viewlocale=en_US&locale=en_US (http://support.apple.com/kb/DL1769?viewlocale=en_US&locale=en_US)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on March 10, 2015, 09:12:40 AM
Fix for the following SAP in beta form is posted:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052 (http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052)


Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on April 13, 2015, 12:44:27 PM
Security Advisory

Please update your router:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10054 (http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10054)

Please follow this for updating FW:
 FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)

For router models not yet having a fix, please be patient as they are working on the solutions for each model. Please keep checking back to see if links to FW files have been posted. If you have immediate needs for help and information, we recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on May 21, 2015, 10:35:04 AM
NetUSB and suspected vulnerability:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10057 (http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10057)
http://www.kb.cert.org/vuls/id/BLUU-9VFUFZ (http://www.kb.cert.org/vuls/id/BLUU-9VFUFZ)

Kcodes NetUSB :: Buffer Overflow
Publication ID: SAP10057   
Related Products:
DAP-1350
DGL-4500
DHP-1320
DIR-615
DIR-628
DIR-632
DIR-635
DIR-655
DIR-685
DIR-825
DIR-855
Title: More than fifty vulnerabilities in D-Link NAS and NVR devices
Post by: PacketTracer on May 30, 2015, 07:12:25 AM
More than fifty vulnerabilities in D-Link NAS and NVR devices:

Sources: SEARCH-LAB (http://www.search-lab.hu/advisories/secadv-20150527) and full report (http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf).
Title: Re: More than fifty vulnerabilities in D-Link NAS and NVR devices
Post by: FurryNutz on May 30, 2015, 11:46:02 AM
Thank you PT, I'll send this off to see what the status is.

 ::)

Title: Re: More than fifty vulnerabilities in D-Link NAS and NVR devices
Post by: FurryNutz on June 01, 2015, 09:20:45 AM
Posted to the Security site now and seems to be actively working on fixing it for the DNS models affected:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10058 (http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10058)


Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on June 13, 2015, 01:40:51 PM
New Security issue posted. Mostly affecting DSL modems only:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10059 (http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10059)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on December 02, 2015, 08:26:10 AM
FYI, the Security site is not public anymore. Not sure of reason for change. For any issues seen or questions needing answers, please fill out the Security submission form, post here in the forums or phone contact your regional D-Link support office for immediate help and information.

Thank you.
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on June 05, 2016, 03:12:18 PM
FYI: Looks like Teamviewer app has been hacked.  :-\
http://thehackernews.com/2016/06/teamviewer-hacked-security.html (http://thehackernews.com/2016/06/teamviewer-hacked-security.html)
http://arstechnica.com/security/2016/06/teamviewer-users-are-being-hacked-in-bulk-and-we-still-dont-know-how/ (http://arstechnica.com/security/2016/06/teamviewer-users-are-being-hacked-in-bulk-and-we-still-dont-know-how/)


Users using this app may want to contact them to get more info:
https://www.teamviewer.com/en/support/contact/ (https://www.teamviewer.com/en/support/contact/)
https://blog.teamviewer.com/how-to-create-a-strong-password/ (https://blog.teamviewer.com/how-to-create-a-strong-password/)
Title: Re: D-Link Products - Security Advisory Information
Post by: RYAT3 on June 05, 2016, 06:58:21 PM
Thanks! Got caught up in that DoS last week and was like is it me or them?!

Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on June 06, 2016, 07:56:25 AM
Ya, I hope they will correct it quickly. TV is a great program for remoting. Hate to see it go bad.  :-\
Title: Re: D-Link Products - Security Advisory Information
Post by: ccwow on July 09, 2016, 04:55:46 AM
Any word or updates on this vulnerability:

http://news.softpedia.com/news/d-link-vulnerability-affects-over-120-products-400-000-devices-506104.shtml

How is it being addressed?
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on July 09, 2016, 09:27:43 AM
The article said that D-Link was aware of the issue. I presume it may take time.
"D-Link has promised to fix all issues, but firmware upgrades for IoT devices are notoriously challenging and slow."


Read more: http://news.softpedia.com/news/d-link-vulnerability-affects-over-120-products-400-000-devices-506104.shtml#ixzz4DvhPVIHm

 
Title: Re: D-Link Products - Security Advisory Information
Post by: RYAT3 on July 09, 2016, 09:59:22 AM
These vulnerabilities are really just the back doors they are required to put in for the Govt.

It'll probably take more time to put in a new one than close this one.
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on July 18, 2016, 08:19:23 AM
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10062 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10062)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on August 18, 2016, 09:18:52 AM
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on November 09, 2016, 10:37:31 AM
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10066 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10066)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on November 24, 2016, 10:23:15 AM
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10067 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10067)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on January 06, 2017, 07:36:55 AM
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10069 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10069)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on February 23, 2017, 09:43:49 AM
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on March 01, 2017, 07:00:30 AM
Update for Senr.io Vulnerability Information:
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10062 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10062)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on March 13, 2017, 11:04:56 AM
D-Link Products accused by Pierre Kim in GoAhead vulnerability disclosure..
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10071 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10071)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on March 22, 2017, 01:43:51 PM
DSM-600M CSRF/XSS Vulnerability Security Patch Released:
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10072 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10072)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on April 22, 2017, 11:46:17 AM
Router:
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063)

NAS:
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10064 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10064)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on May 08, 2017, 01:59:27 PM
FYI:
https://www.us-cert.gov/ncas/current-activity/2017/05/05/Mozilla-Releases-Security-Updates (https://www.us-cert.gov/ncas/current-activity/2017/05/05/Mozilla-Releases-Security-Updates)
Title: Re: D-Link Products - Security Advisory Information
Post by: GreenBay42 on September 14, 2017, 01:45:25 PM
DIR-850L - RevA/B Security Vulnerability:

http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10074 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10074)
Title: WPA2 KRACK attack
Post by: FurryNutz on October 16, 2017, 09:45:24 AM
D-Link is aware of the issue already. No information on when fixes are forthcoming at this time. I presume they are in the testing and planning stages of this. I presume ALL Mfrs are working on getting this fixed as soon as possible. Please be patient.

If you need more help and information regarding this, I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

https://www.krackattacks.com (https://www.krackattacks.com)

https://www.snbforums.com/threads/wpa2-vulnerability-exposed.41678/ (https://www.snbforums.com/threads/wpa2-vulnerability-exposed.41678/)
"I understand that it's an exploit of the client, not the router."

https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches (https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches)
https://www.windowscentral.com/vendors-who-have-patched-krack-wpa2-wi-fi-vulnerability (https://www.windowscentral.com/vendors-who-have-patched-krack-wpa2-wi-fi-vulnerability)
https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/ (https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/)
http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4 (http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4)
https://www.forbes.com/sites/thomasbrewster/2017/10/16/krack-attack-breaks-wifi-encryption/#5952bdbb2ba9 (https://www.forbes.com/sites/thomasbrewster/2017/10/16/krack-attack-breaks-wifi-encryption/#5952bdbb2ba9)
http://www.kb.cert.org/vuls/id/CHEU-AQNMZT (http://www.kb.cert.org/vuls/id/CHEU-AQNMZT)
Title: Re: D-Link Products - Security Advisory Information
Post by: hydra3333 on October 16, 2017, 05:12:14 PM
Thank you !

Some other manufacturers have released patches, however D-Link aren't among those listed to have patched for the KRACK attack :(
https://www.windowscentral.com/vendors-who-have-patched-krack-wpa2-wi-fi-vulnerability
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on October 16, 2017, 05:35:56 PM
D-Link is aware of everything. I'm sure they are working on what they need to...

Thanks for posting the link again.  ::)
Title: Re: D-Link Products - Security Advisory Information
Post by: RYAT3 on October 17, 2017, 06:20:51 AM
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10075 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10075)
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on October 17, 2017, 09:21:50 AM
 ;D
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on June 11, 2018, 06:39:09 AM
https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/ (https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/)
I've passed this on to D-Link support for review. Only a few D-Link routers listed.  ::)
Title: Re: D-Link Products - Security Advisory Information
Post by: GreenBay42 on June 11, 2018, 06:56:27 AM
For the latest on the VPNfilter Malware click here --> https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085 (https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085)

Talos Intelligence (“Talos”) recently reported that a malware known as VPNFilter could render IoT devices vulnerable. On June 5, 2018, it was disclosed that the following D-Link products might be affected:

· DES-1210-08P
· DIR-300 (non-USA)
· DIR-300A (non-USA)
· DSR-250N
· DSR-500N
· DSR-1000 (non-USA)
· DSR-1000N (non-USA)

While D-Link appreciates Talos for making the above disclosure and is taking this report seriously, we did not receive enough details from the disclosure to identify which hardware revision or firmware of the products could be affected. Therefore, immediately upon learning of the first report by Talos, D-Link began diligently investigating the nature of the malware and its potential threats to our customers. The best intelligence we currently have is that the VPNFilter malware may attempt to use known vulnerabilities/exploits to attack a device.

To help protect your devices from the VPNFilter malware, please make sure that your devices are completely updated with the latest firmware. We recommend users update their firmware to the latest version, reset their devices to the factory default, and then complete the installation/setup steps.

We strongly encourage owners/users of D-Link products to frequently check for device firmware updates at the D-Link Support website.

For end-of-life devices DIR-300 A1 and DIR-300Bx, we recommend that the owners contact their local regional distributors for alternate solutions.
Title: Re: D-Link Products - Security Advisory Information
Post by: FurryNutz on November 21, 2018, 10:28:05 AM
For DIR-890L/R, DIR-885L/R, and DIR-895L/R:
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099 (https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099)