Security Announcement
DAP-2230/2310/2360 :: All Models :: All Revisions :: Zero-Day (Day-0) Reflected XSS Vulnerability
Publication ID: SAP10382
Resolved Status: Open
Published on: 26 February 2024 2:38 GMT
Last updated on: 26 February 2024 2:55 GMT

Overview  

 

As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development ceases for them.  Please read the information and recommendations below.

The DAP-2230, DAP-2310, and DAP-2360, in all hardware revisions, were reported by a third party to have a reflected XSS vulnerability. We have been investigating the issue since we became aware of it. Because this exploit was discovered on the internet, the third party reports it as a zero-day.

 

The primary service of these products is to bridge WiFi to Ethernet, which is known as a WiFi access point. Based on the information available, these devices should not be exposed directly to internet traffic or public WiFi. They should be connected to networks protected by other security measures that do not allow direct access to the device's Ethernet LAN web-management interface.

 

Please check this announcement frequently for updated information.

 

These products have reached their final service life-cycle, and all have last-day-of-support dates listed in the table below.

 

Additionally, another set of D-Link DAP access point models that are EOL/EOS is reported in another announcement here.

 

D-Link US recommends retiring and replacing D-Link devices that have reached EOL/EOS. Please get in touch with your regional office for recommendations (LINK).

 

3rd Party Report information

- Reports provided:
    - Fekirine Djallal :: djallalakira _at_ gmail _dot_ com
        - Reflected XSS Exploit Vulnerability

 

Affected Models

 

| Model | Region | Hardware Revision | Pending EOL/EOS | Recommendation | Last Updated |
|---|---|---|---|---|---|
| DAP-2230 | Non-US | All Series H/W Revisions | 06/30/2024 | Under Investigation | 02/25/2024 |
| DAP-2310 | All | All Series H/W Revisions | 09/18/2024 | Under Investigation (Link) | 02/25/2024 |
| DAP-2360 | All | All Series H/W Revisions | 09/30/2024 | Under Investigation | 02/25/2024 |

 

Recommendation for End-of-Support/End-of-Life Products

 
From time to time, D-Link will decide that some of its products have reached the End of Support ("EOS") / End of Life ("EOL"). D-Link may choose to EOS/EOL a product due to technological evolution, market demands, innovations, product efficiencies based on new technologies, or because the product has matured over time and should be replaced by functionally superior technology.

For US Consumer


If a product has reached End of Support ("EOS") / End of Life ("EOL"), there is usually no further extended support or development for it.

Typically, for these products, D-Link will be unable to resolve device or firmware issues since all development and customer support have ceased.

D-Link strongly recommends that this product be retired and cautions that further use may be risky to connected devices. US consumers who continue to use these devices against D-Link's recommendation should ensure the device has the most recent firmware, frequently update the unique password used to access its web configuration, and always keep WiFi encryption enabled with a unique password.