Remote Command Execution Vulnerability in D‑Link DWR and DAP routers

19 martie, 2019

Overview:

On March 17, 2019, greenbone.net reported a remote command execution vulnerability in several D-Link DWR and DAP routers. D-Link is aware of the reported security issues. We have promptly started our investigation and is currently working on firmware patches for products confirmed to be affected. We will provide updates as soon as we have more information, please see below for more details. 

Reference:

https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772 

 

Reported products:

 

Model H/W Ver. Affected Firmware Ver. Current Status
DAP-1530 All A Revisions Before 1.06b01 Patch available. In regions where this product is
available, please check your local D-Link website.
DAP-1610 All A Revisions Before v1.06b01  Firmware available
DWR-111 All A Revisions Before v1.02v02 Patch available. In regions where this product is
available, please check your local D-Link website.
DWR-116 All A Revisions Before v1.06b03 Latest firmware is not affected
DWR-512 All B Revisions Before v2.02b01 Firmware available
DWR-711   All A Revisions  v1.11 and lower Under development
DWR-712 All B Revisions Before 2.04b01 Patch available. In regions where this product is
available, please check your local D-Link website.
DWR-921 All A Revisions Before v1.02b01

Firmware available

DWR-921 All A Revisions Before v2.03b01 Firmware available

 
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates.