DAP 1360 (F1) & DAP-2020 (A2): Multiple vulnerabilities by ZDI at TrendMicro
19 stycznia, 2023
Overview
On September 8, 2022, 3rd party security research from TrendMicro ZDI reported the D-Link DIR-1360 hardware revision Fx with firmware version v6.14B01 as having multiple vulnerabilities.
As soon as D-Link was made aware of the reported security issues, we promptly started our investigation and developed security patches. During our investigation, the DAP-2020 hardware revision Fx was found to be also affected by these same vulnerabilities.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
Report information
- Reported by TrendMicro ZDI
- ZDI-CAN-18414 D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-CAN-18415 D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability
- ZDI-CAN-18416 D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-CAN-18417 D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-CAN-18418 D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-CAN-18419 D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-CAN-18422 D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-CAN-18423 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability
- ZDI-CAN-18454 D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-CAN-18455 D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability
-ZDI-CAN-18746 D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Affected Models
Model | Hardware Revision | Affected FW | Fixed FW | Recommendation | Last Updated |
DAP-1360 | All F Series Hardware Revisions | v6.14b01& Below | v6.15EUb01_Beta_Hotfix |
Upgrade to Hofix Patch |
01/17/2023 |
DAP-2020 | All A2 Series Hardware Revisions | v1.03b01 & Below | v1.03rc004_Beta_Hotfix | Upgrade to Hofix Patch | 01/17/2023 |