D-Link Forums

Announcements => Security Advisories => Topic started by: GreenBay42 on May 05, 2022, 06:14:52 AM

Title: DNS-320 (RevA) - Command Injection Vulnerability
Post by: GreenBay42 on May 05, 2022, 06:14:52 AM: Official Announcement - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10183 (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10183)

On July 7, 2020, D-Link was made aware of a Command Injection Vulnerability report by Swing of Chaitin Security Research Lab affecting the D-Link Network Attached Storage (NAS): DNS-320 Revision Ax. This disclosures is referenced as CVE-2020-25506 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25506)

All US consumers using the DNS-320 hardware revision Ax, are recommended to immediately retire and replace the device.

SMF 2.0.13 | SMF © 2016, Simple Machines