Overview:

On March 17, 2019, greenbone.net reported a remote command execution vulnerability in several D-Link DWR and DAP routers. D-Link is aware of the reported security issues. We have promptly started our investigation and is currently working on firmware patches for products confirmed to be affected. We will provide updates as soon as we have more information, please see below for more details. 

Reference:

https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772 

 

Reported products:

 

Model	H/W Ver.	Affected Firmware Ver.	Current Status
DAP-1530	All A Revisions	Before 1.06b01	Patch available. In regions where this product is available, please check your local D-Link website.
DAP-1610	All A Revisions	Before v1.06b01	Firmware available
DWR-111	All A Revisions	Before v1.02v02	Patch available. In regions where this product is available, please check your local D-Link website.
DWR-116	All A Revisions	Before v1.06b03	Latest firmware is not affected
DWR-512	All B Revisions	Before v2.02b01	Firmware available
DWR-711	All A Revisions	v1.11 and lower	Under development
DWR-712	All B Revisions	Before 2.04b01	Patch available. In regions where this product is available, please check your local D-Link website.
DWR-921	All A Revisions	Before v1.02b01	Firmware available
DWR-921	All B Revisions	Before v2.03b01	Firmware available

 
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates.