Overview
The following was originally posted by D-Link in Dec. 2016. This announcement has been updated with regard to the latest information published on April 4, 2019, regarding DNSChanger Malware.
In December of 2016, Tom’s Guide published a report discussing “a new malvertising campaign attacking at least 166 models from multiple manufacturers.”
While there was evidence that the malware was targeting 166 distinct router models, only a few were identified. One of the identified models was the D-Link DSL-2740R. D-Link has previously offered firmware patches for this.
D-Link has been made aware of a new post by a third party, which expands the scope of the identified products and firmware patches, naming the D-Link DSL-2640B, D-Link DSL-2780B, and D-Link DSL-526B. These products are not sold in the US.
Accreditation and Coordination
(12/2016) : http://www.tomsguide.com/us/malvertising-router-attack,news-24034.html
Additional internet news posts from 2016 include:
(04/04/2016) : https://badpackets.net/ongoing-dns-hijacking-campaign-targeting-consumer-routers/
Troy Mursch : badpackets.net/author/badpackets/
Exploit-DB:
DSL-2640B / Hardware Rev. T1 / Firmware GE_1.07 / Non-US : Link
DSL-2740R / Hardware Rev. Ax / Firmware EU_1.15 / Non-US : Link
DSL-2780B / Hardware Rev. Ax / Firmware DLINK_1.01.14 / Non-US : Link
DSL-526B / Hardware Rev. Bx / Firmware AU_2.01 / Non-US : Link
Additional internet news posts from 2019 include:
Affected Product Models and Patches:
The products named in the most recent report are deployed with firmware not offered in the US and not posted on http://support.dlink.com. In addition, some of these models are deployed directly from carriers using certified and custom configurations.
If you received any of these devices from your carrier, please contact them directly for patches.
The firmware post is US firmware that is adapted for specific regional DSL deployments. It is recommended that you contact your regional D-Link Customer Care for specific fixes. By using firmware that is not intended for your region or carrier, you place your device and information at risk and may even disable the device in doing so.
Model | Hardware Revision | Region | Affected FW | Fixed FW | Last Updated |
DSL-526B | All Revision B | Australia | AU v2.01 and older (lower) | Under Investigation | 04/05/2019 |
DSL-2640B | All Revision T | Malaysia | GE v1.07 and older (lower) | Under Investigation | 04/05/2019 |
DSL-2740R | All Revision A | Europe | EU v1.15 and older (lower) | http://tsd.dlink.com EU_1.17 | 01/2015 |
DSL-2780B | All Revision A | AU/NZ/EU | v1.01.14 and older (lower) | Under Investigation | 04/05/2019 |
Options for D-Link Routers and Gateways that are no longer supported or are under investigation :
1. Contact your DSL Service Provider or Regional D-Link Customer Care for latest information and patches.
2. Perform a factory reset on the device using its web-configuration interface at http://192.168.0.1. Then, set a new, unique password, and complete the setup for your DSL carrier.
3. Modify the device through its web-configuration interface at http://192.168.0.1, and manually set the Domain Name Server (DNS) values (instructions can be found in the device’s User Manual here):
- Google DNS : 8.8.8.8 or 8.8.4.4
- Cloudflare DNS: 1.1.1.1
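
After applying option 2 or 3, a client on the network can confirm that the resolvers it received are the ones that were set. The following is an added example, not D-Link code: it assumes a Unix-like client whose resolver list is in resolv.conf format, and it assumes the router address 192.168.0.1 is acceptable as a resolver because the router may proxy DNS itself. The function names and the sample input are constructed for illustration.

```python
import ipaddress

# Resolvers named in the advisory, plus the router address it gives for the
# web-configuration interface (assumption: the router may proxy DNS itself).
EXPECTED = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "192.168.0.1"}

def nameservers(resolv_conf_text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    found = []
    for line in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, whether whole-line or trailing.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def classify(address, expected=EXPECTED):
    """Label one resolver: 'expected', 'local-stub', 'unexpected' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        # A local stub (e.g. 127.0.0.53) forwards to an upstream configured
        # elsewhere, so this entry alone does not show what the router hands out.
        return "local-stub"
    return "expected" if str(ip) in expected else "unexpected"

def audit(resolv_conf_text, expected=EXPECTED):
    """Map every configured resolver to its label."""
    return {ns: classify(ns, expected) for ns in nameservers(resolv_conf_text)}

# Constructed sample: a client's resolver list after a router's DNS setting
# was altered. 203.0.113.53 is a documentation-range placeholder address.
SAMPLE = """\
# constructed sample, not taken from a real device
nameserver 203.0.113.53
nameserver 8.8.8.8
nameserver 127.0.0.53 ; local stub
search lan
"""

if __name__ == "__main__":
    for ns, label in audit(SAMPLE).items():
        print(f"{ns:15} {label}")
```

An "unexpected" entry means the client was handed a resolver that is neither the router nor one of the listed public resolvers, which is the condition the options above are meant to clear.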
Regarding Security Patches for your D-Link Devices
Firmware updates address any potential security vulnerabilities in affected D-Link devices. D-Link will continually update this and strongly recommends that all users install the relevant updates.
As there are different hardware revisions on our products, please check your device to ensure you download the correct firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, it can also be found on the device web configuration.