On April 9, 2018, D-Link was notified by CERT/CC that cloud security solutions provider Akamai had disclosed (report available here) a large number of devices ,from many manufacturers, are potentially vulnerable to UPnP NAT injection.

The report cited the following D-Link devices may possibly be subject to this vulnerability:

  Akamai Listed D-Link US Products Potentially Affected

• DIR-601           Support Page Revision A, B, C, E, I
• DIR-615           Support Page Revisions A, B
• DIR-825           Support Page Revision A, B, C

  Akamai Listed D-Link US Products Not Affected 

• Verizon DSL-2750B H/W Revixion T1, T2:: Sticker on base of Unit Verizon Part # DLDSL2750B   Not Affected :: UPnP is disabled on this model
• DSL-2750B H/W Revision T1 :: H/W Revision information on tottom sticker of device :: Not Affected :: UPnP is disabled on this Model

  Akamai Listed D-Link non-US Products Potentially Affected 

• DIR-620
• DSL-2652BU
• DSL-2750B H/W Revision A1, B1, C1, D1, E1, F1
• DSL-2750E
• DVG-2102S
• DVG-5004S
• RG-DLINK-WBR2300
• DVG-N5402SP

The reported UPnP vulnerability appears to be an industrywide issue. While our investigation is still ongoing, users may opt for disabling the UPnP services on the device.

Please check  this page frequently for further updates.