Support Announcements
DSL-2750B - OS Command Injection Vulnerability Report - Exploit Database

Summary 

 

D-Link is aware and has been investigating of the disclosure posted at Exploit Database . As we have proceded though our investigation, we have discovered a number of inaccuracies regarding the affected versions of DSL-2750B.  D-Link continues to keep open communication with the security research community and we are available globally for security incident reports at security @ dlink.com.

 

References

 

Exploit-Database - Link

Netlab 360 - Link

Ars Technica - Link

 

Details

 

The D-Link DSL-2750B is only availble in the US as a project SKU for services providers.  Each US deployment requires specific firmware to meet the service providers requirements. Outside the US, the product is prepared for the consumer retail sales channel, which does carry a D-Link Brand firmware associated with this vulnerability exploit. All the devices will identify as D-Link DSL-2750B, however due to their unique firmware traits many are not affected by this vulnerability report.

 

Due to the different deployment channels between US and Global, the DSL-2750B is not index on http://suppport.dlink.com which represents the US product offer. In the US, customer care for the DSL-2750B is coordinated through the service provider that provides it to their customers.  Outside the US, support can be found at your regional D-Link office  or at https://tsd.dlink.com.tw/.

 

Please reference the table below for the latest information on affected devices.

 

 

Affected Products

 

Model
Hardware Rev. Branded Affected Firmware Fixed Firmware Last Updated
DSL-2750B T1/T2 Verizon & D-Link None

Fix Not Required

07/11/18
DSL-2750B-SG T1  D-Link Only None Fix Not Required 07/11/18
DSL-2750B-US T1 D-Link Only  None  Fix Not Required 07/11/18
DSL-2750B Ax/Bx/Cx/Ex/Fx/Tx D-Link Only (non-US) None Fix Not Required 07/11/18
DSL-2750B Dx D-Link Only (non-US) v1.04.xx and older EU v1.05 07/11/18

 

Security patch for your D-Link Devices

 

D-Link will update this annoucement continually.

 

As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.