Support Announcements
DIR-655 Rev. Cx :: Firmware 3.05b05 and older :: Multiple Vulnerabilities

 Overview

 

In March 2018, D-Link becamea aware of a 3rd Party security researcher that accused the DIR-655 consumer router of several security vulnerability.  The report was confirmed and a patch released.

 

3rd Party Report:

 

Joel St. John :: joel _dot_ stjohn _at_ nccgroup _dot_ trust
Security Consultant NCC Group
joel.stjohn@nccgroup.trust

 

 Details

  • Command injection via device configuration setting
  • Setup wizard can be used to reset password to default
  • Cross-site request forgery
  • Multiple reflected cross-site scripting issues
     

Affected Products and Fixes:

 

Model Revision Affected FW Fixed FW  Last Updated
DIR-655 All C Revisions v3.02B05  v3.02B05_Beta_03 01/17/2019

 

 

Regarding Security patch for your D-Link Devices
 
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
 
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.