Overview
On November 26, 2025, D-Link was made aware of Fortinet's FortiGuard Labs' disclosure on malware named “ShadowV2” spreading via IoT vulnerabilities.
The disclosure implicates legacy EOL/EOS D-Link products that have had publicly posted retire-and-replace notices for approaching 10 years. The resources associated with these products have ceased their development and are no longer supported.
D-Link Systems, Inc. recommends retiring these products and replacing them with products that receive firmware updates.
This announcement covers all models disclosed as well as some additional storage products that we recommend owners/users retire.
This exploit affects legacy D-Link products and all hardware revisions that have reached their end-of-life ("EOL")/end-of-service-life ("EOS") Life Cycle. Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported by D-Link.
D-Link US recommends retiring and replacing D-Link devices that have reached EOL/EOS. Please get in touch with your regional office for recommendations (LINK).
Regardless of product type or sales channel, D-Link's general policy is that when products reach EOS/EOL, they can no longer be supported, and all firmware development ceases for them. Please read the information and recommendations below.
3rd Party Report information
- Reports:
- Report #1: - FortiGuard Labs - Vincent Li - ShadowV2 Casts a Shadow Over IoT Devices - Link - Fortinet sensors detected active exploitation attempts linked to a Mirai-based botnet known as ShadowV2. This variant was propagating through multiple vulnerabilities identified and blocked by our Intrusion Prevention System (IPS). ShadowV2 had previously been observed targeting AWS EC2 instances in campaigns disclosed in September.
  - Exploiting
    - CVE-2020-25506 - Link - D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
    - CVE-2022-37055 - Link - D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main.
    - CVE-2024-10914 - Link - Report #2 Below - D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
    - CVE-2024-10915 - Link - Report #3 Below - D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection
- Report #2: - NetSecFish - cna _at_ vuldb _dot_ com - CVE-2024-10914 - NetSecFish Link - Command Injection: The vulnerability is localized to the account_mgr CGI script, particularly when handling the cgi_user_add command. The name parameter in this script does not adequately sanitize input, allowing command execution.
  - CWE-78: OS Command Injection
  - CWE-74: Injection
  - CWE-707: Improper Neutralization
- Report #3: - NetSecFish - cna _at_ vuldb _dot_ com - CVE-2024-10915 - NetSecFish Link - Command Injection: The vulnerability is localized to the account_mgr CGI script, particularly when handling the cgi_user_add command. The name parameter in this script does not adequately sanitize input, allowing command execution.
  - CWE-78: OS Command Injection
  - CWE-74: Injection
  - CWE-707: Improper Neutralization
- Report #4: - NetSecFish - cna _at_ vuldb _dot_ com - CVE-2024-10916 - NetSecFish Link - HTTP GET Request info.xml information disclosure
  - CWE-200: Information Disclosure
  - CWE-284: Improper Access Controls
Affecting:
- DNS-320 Version 1.00
- DNS-320LW Version 1.01.0914.2012
- DNS-325 Version 1.01, Version 1.02
- DNS-340L Version 1.08
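An added example, not part of D-Link's advisory or the cited reports: one way to watch perimeter or proxy logs for the account_mgr.cgi cgi_user_add requests described in Reports #2 and #3, flagging any name value that falls outside an allowlist. The log format, the allowed character set, and the /cgi-bin/ prefix and cmd key in the sample lines are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: a legitimate account name uses only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")
# Assumption: proxy/web logs in Apache/nginx "combined"-style format.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines (documentation IP ranges). The /cgi-bin/ prefix and
# the "cmd" key are assumptions; "name" and cgi_user_add come from the page.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Nov/2025:10:00:01 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=backup_user HTTP/1.1" 200 120
198.51.100.7 - - [26/Nov/2025:10:00:05 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=a%3Bb HTTP/1.1" 200 0
203.0.113.9 - - [26/Nov/2025:10:00:09 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=a%253Bb HTTP/1.1" 200 0
192.0.2.10 - - [26/Nov/2025:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 512
"""

def query_params(query):
    """Decode a query string once; split only on '&' so ';' stays in values."""
    params = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params

def inspect(line):
    """Return (source, verdict, name) for cgi_user_add requests, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    source, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/account_mgr.cgi"):
        return None
    params = query_params(url.query)
    if not any("cgi_user_add" in values for values in params.values()):
        return None
    for name in params.get("name", [""]):
        # Allowlist: a leftover '%' from double encoding also fails the match.
        if not SAFE_NAME.fullmatch(name):
            return (source, "suspicious-name", name)
    return (source, "user-add-request", params["name"][0])

def scan(log_text):
    return [hit for hit in map(inspect, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
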
EOL/EOS Models (Including affected Models)
| Model | Region | Hardware Revision | End of Service Life | Conclusion | Last Updated |
|---|---|---|---|---|---|
| GO-RT-AC750 | Non-US | All H/W Revisions | 02/29/2020 | Retire & Replace Device | 11/26/2025 |
| DNS-120 | All Regions | All H/W Revisions | 01/01/09 : Link | Retire & Replace Device | 11/26/2025 |
| DNR-202L | All Regions | All H/W Revisions | 06/30/2020 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-315L | Non-US | All H/W Revisions | 09/11/2014 | Retire & Replace Device | 11/26/2025 |
| DNS-320 | All Regions | All H/W Revisions | 12/1/2018 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-320L | All Regions | All H/W Revisions | 05/31/2020 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-320LW | Non-US | All H/W Revisions | 05/31/2020 | Retire & Replace Device | 11/26/2025 |
| DNS-321 | All Regions | All H/W Revisions | 5/5/2013 : Link | Retire & Replace Device | 11/26/2025 |
| DNR-322L | All Regions | All H/W Revisions | 11/30/2021 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-323 | All Regions | All H/W Revisions | 5/5/2013 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-325 | All Regions | All H/W Revisions | 09/01/2017 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-326 | All Regions | All H/W Revisions | 6/30/2013 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-327L | All Regions | All H/W Revisions | 05/31/2020 : Link | Retire & Replace Device | 11/26/2025 |
| DNR-326 | All Regions | All H/W Revisions | 2/28/2018 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-340L | All Regions | All H/W Revisions | 07/31/2019 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-343 | All Regions | All H/W Revisions | 2/28/2020 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-345 | All Regions | All H/W Revisions | 2/1/2019 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-726-4 | All Regions | All H/W Revisions | 7/1/2014 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-1100-4 | All Regions | All H/W Revisions | 6/1/2018 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-1200-05 | All Regions | All H/W Revisions | 4/30/2020 : Link | Retire & Replace Device | 11/26/2025 |
| DNS-1550-04 | All Regions | All H/W Revisions | 4/30/2020 : Link | Retire & Replace Device | 11/26/2025 |
Recommendation for End-of-Support/End-of-Life Products
From time to time, D-Link decides that some of its products have reached the End of Support ("EOS") or End of Life ("EOL"). D-Link may designate a product as EOS/EOL due to technological evolution, market demands, innovations, and efficiencies based on the latest technologies, or because the product has matured over time. In either case, it should be replaced by functionally superior technology.
For US Consumer
If a product has reached the End of Support ("EOS") or End of Life ("EOL"), it typically does not receive further extended support or development.
Typically, D-Link cannot resolve device or firmware issues for these products since all development and customer support have ceased.
D-Link US is prohibited from providing support for these EOL/EOS products. If you are outside the US, please contact your regional D-Link office. If your device and its firmware were provided by a licensed carrier (service provider), please contact your carrier (service provider). Many devices on this list have available 3rd party firmware; D-Link does not support open firmware, which voids any warranty and is solely the responsibility of the device's owner.
D-Link strongly recommends retiring this product and cautions that further use may be risky to connected devices. If US consumers continue to use these devices against D-Link's recommendation, please ensure the device has the latest firmware, which can be located on the Legacy Website links above. Please also ensure you frequently update the unique password used to access the device's web configuration and always have Wi-Fi encryption enabled with a unique password.