Support Announcements
D-Link NAS : DNS Series : Stored XSS via Unauthenticated SMB Security Advisory


Some active D-Link DNS network attached storage contain a XSS vulnerability, which may allow a malicious.


3rd Party Incident Report:


Benjamin Daniel Mussler - Link


Affected Devices:


Many of the affected products had firmware post prior to July 30, 2016. They are located wth the  list of downloadable files for each model. 


A Summary of links to the support product pages follow.


  • DNS-320 rev A  :: Fixed 2.05b10  :: Link
  • DNS-320 rev B  :: Fixed 2.05b10  :: Link  
  • DNS-320L :: Fixed 1.08b06 : Link   
  • DNS-325   : Under Development  as of 09/01/16
  • DNS-327L : Under Development as of 0901/16
  • DNS-340L : Fixed 1.04b04 : Link   
  • DNS-345  : Under Development as of 09/01/16  


The units that are marked Under Development are products that are End of Life. We are attempting to get fixes for thses issues out as soon as possilbe.




Please visit original  report at :