Security Announcement
DIR-1960/1360/3060/2660 :: FW v1.11b03 or below :: Command Injection in HNAP Vulnerabilities
Publication ID: SAP10377
Resolved Status: Yes
Published on: 1 February 2024 9:20 GMT
Last updated on: 1 February 2024 9:20 GMT

 

Overview  

 

From time to time, D-Link will decide that some of its products have reached End of Support ("EOS") / End of Life ("EOL"). D-Link may choose to EOS/EOL a product due to the evolution of technology, market demands, new innovations, or product efficiencies based on new technologies, or because the product has matured over time and should be replaced by functionally superior technology.

The DIR-1960, DIR-1360, DIR-3060 and DIR-2660, all hardware revisions, reached their End of Life ("EOL") / End of Service Life ("EOS") life cycle in the US on January 31, 2021. D-Link US recommends that D-Link devices that have reached EOL/EOS be retired and replaced. Please contact your regional office for recommendations (LINK).

 

As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products ceases. Please read the information and recommendations below.

 

3rd Party Report information

   
    - Reports provided:

        - STAR Labs, info _at_ starlabs _dot_ sg

            DIR-1960 DIR-1360 DIR-3060 DIR-2660

                Vul #1: HNAP1 SetSysEmailSettings Authenticated Command Injection
                Vul #2: HNAP1 SetUsersSettings Authenticated Command Injection
                Vul #3: HNAP1 SetAdministrationSettings Authenticated

            DIR-1960

                Vul #1: Command Injection buffer overflow vulnerability caused by strcat

 

Affected Models

 

| Model | Region | Hardware Revision | End of Support | Fixed Firmware | Recommendation | Last Updated |
|---|---|---|---|---|---|---|
| DIR-1360 | US | All Series H/W Revisions | 03/31/2024 | v1.11B04b_Hotfix | Automatic Download or Via WebGUI | 01/31/2024 |
| DIR-1960 | US | All Series H/W Revisions | 03/31/2024 | v1.11B03b_Hotfix | Automatic Download or Via WebGUI | 01/31/2024 |
| DIR-2660 | US | All Series H/W Revisions | 03/31/2024 | v1.11B04_Hotfix | Automatic Download or Via WebGUI | 01/31/2024 |
| DIR-3060 | US | All Series H/W Revisions | 03/31/2024 | v1.11B04_Hotfix | Automatic Download or Via WebGUI | 01/31/2024 |

 

 

Recommendation for End of Support / End of Life Products

 

For US Consumer

  
If a product has reached End of Support ("EOS") / End of Life ("EOL"), there is normally no further extended support or development for it.

 

Typically for these products, D-Link will be unable to resolve device or firmware issues since all development and customer support have ceased.

 

D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it. US consumers who continue to use these devices against D-Link's recommendation should make sure the device has the most recent firmware, frequently update the device's unique password for access to its web configuration, and always have Wi-Fi encryption enabled with a unique password.