Unauthenticated RCE for EoL routers
Last Updated: 11/19/2019
D-Link has recently been made aware of potential vulnerabilities in some D-Link routers that could allow an intruder without the proper credentials to access the device’s web-configuration. The following routers may be affected: DIR-866, DIR-655, DHP-1565, DIR-652, DAP-1533, DGL-5500, DIR-130, DIR-330, DIR-615, DIR-825, DIR-835, DIR-855L, and DIR-862. To mitigate the risk of attack, we strongly encourage users of the listed routers to turn off the remote management function of the routers and reset the routers with complicated passwords.
The products listed above have reached End-of-Life (“EoL”)/End-of-Service (“EoS”). Once a product has reached its EoL/EoS date, D-Link is unable to provide support or development for it and therefore is unable to resolve newly discovered vulnerability concerns.
From time to time, D-Link will decide that certain of its products have reached EoL. D-Link may choose to EoL a product for many reasons, including shifts in market demands, technology innovation, costs or efficiencies based on new technologies, or the product simply maturing over time and being replaced by functionally superior technology. Once a product is identified as EoL, D-Link will provide the dates on which support and service for that product will no longer be available.
While EoL is an established part of a product’s overall life cycle, D-Link understands that EoL of a product may affect an end-user’s decision to continue to use the product. The chart in the link below outlines D-Link's EoL Policy to help customers better manage their End-of-Life transition and to help D-Link better understand its role in helping our customers migrate to alternative D-Link products and technology.
D-Link’s End-of-Life Policy can be found here: https://www.dlink.com/en/eol-policy