Overview
On November 22, 2017, D-Link became aware that a third-party researcher had recently disclosed CVE-2017-17720, which reports several security vulnerabilities in the DCS-5020L.
Upon investigation, D-Link verified the report and expanded the scope to other models, including the DCS-5025L, DCS-932L, DCS-5009L, DCS-5010L, DCS-5020L, DCS-931L, DCS-933L, and DCS-934L.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
Disclosure
3rd party researcher
Tim Carrington :: Tim@fidusinfosec.com
CVE-2017-17720
https://fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/
https://nvd.nist.gov/vuln/detail/CVE-2017-17020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17020
Affected Products
Currently, D-Link is aware that the following D-Link brand devices may be affected:
| Model | HW Rev. | Affected FW | Fixed FW | Recommendation | Info Last Update |
|---|---|---|---|---|---|
| DCS-931L | All HW Rev A | v1.14.11 and below | v1.15.01 | Use mydlink Lite Mobile App to update | 11/11/2019 |
| DCS-932L | All HW Rev B | v2.17.01 and below | v2.18.01 | Use mydlink Lite Mobile App to update | 11/11/2019 |
| DCS-933L | All HW Rev A | v1.14.11 and below | v1.15.01 | Use mydlink Lite Mobile App to update | 11/11/2019 |
| DCS-934L | All HW Rev A | v1.06.02 and below | v1.07.01 | Use mydlink Lite Mobile App to update | 11/11/2019 |
| DCS-5009L | All HW Rev A | v1.09.12 and below | v1.1001 | Use mydlink Lite Mobile App to update | 11/11/2019 |
| DCS-5010L | All HW Rev A | v1.15.12 and below | v1.16.01 | Use mydlink Lite Mobile App to update | 11/11/2019 |
| DCS-5020L | All HW Rev A | v1.15.12 and below | v1.16.01 | Use mydlink Lite Mobile App to update | 11/11/2019 |
| DCS-5025L | All HW Rev A | v1.03.07 and below | v1.04.02 | Use mydlink Home or Lite App to update | 11/11/2019 |
Recommendations
To mitigate the risks, we strongly encourage our users to do the following:
- Ensure you have checked your local customer care support site (In US: support.dlink.com) to get the latest firmware available for your device.
Security patch for your D-Link Devices
This firmware update addresses security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.
Because our products come in different hardware revisions, please check the revision of your device before downloading the corresponding firmware update. The hardware revision can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can be found in the device's web configuration.