Support Announcements
DWL-2600AP (Rev. Ax : F/W 4.2.0.15 and Older) Multiple Command Injection Vulnerabilities in Web-GUI command Interface

Overview

 

On April 7, 2019 a 3rd party contacted D-Link accusing the DWL-2600AP of multiple command Injection vulnerability with  Hardware Rev. A with F/W 4.2.0.13, and later verified with current F/W 4.2.0.15.  To identify the hardware revision, please inspect the devices label on bottom of device or device information in your DWS unified wireless controller.

 

3rd Party Information


Raki Ben Hamouda :: raki7bh _at_ gmail _dot_ com

 

Description of Security Issue:

 

Authenticated  vulnerabilities affecting the save, restore, upgrade functions in the GUI.  We refer you tothe authors public posts linked above for further details.

 

Affected Product Models and Patches:

 

 

Model Hardware Revision Affected FW Patch/Beta FW  Full Release FW Last Updated
DWL-2600AP Revision A 4.2.0.15 and older (lower) v4.2.0.15b001c

06/01/2019

05/13/2019

 

 
Regarding Security patch for your D-Link Devices
 
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
 
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.