Support Announcements
DWL-6600AP/3600AP :: H/W Rev. A :: F/W 4.2.0.12 :: Multiple Security Vulnerabilities

On May 22, 2019, a 3rd party disclosed to D-Link that the DWL-6600AP had multiple security vulnerabilities.

 

The DWL-6600AP is designed to be an indoor Access Point for business environments. With high data transmission speeds and load balancing features, it can be deployed as a standalone wireless Access Point or used as the foundation for a managed wireless network.

 

3rd Party Report Accreditation:

 

Discovered and researched by Sandstorm Security at pwn _dot_ sandstorm _at_ gmail _dot_ com

Links: https://packetstormsecurity.com/files/153840/dlink6600ap-xssdosdisclose.txt

 

  1. CVE-2019-14338 - Post-authenticated XSS
  2. CVE-2019-14334 - Post-authenticated Certificate and RSA Private Key extraction through http command
  3. CVE-2019-14333 - Pre-authenticated Denial of service leading to the reboot of the AP
  4. CVE-2019-14337 - Escape shell in the restricted command line interface
  5. CVE-2019-14335 - Post-authenticated Denial of service leading to the reboot of the AP
  6. CVE-2019-14336 - Post-authenticated dump of all the config files
  7. CVE-2019-14332 - Use of weak ciphers for SSH

 

Affected Products:

 

This disclosure directly affects the software package, and current installations should be updated with the new release available to download below. Failure to update may put this software package, the host computer it runs on, and the D-Link devices that it manages at risk.

 

Solution/Patch/Fix:

 

Affected Product   Affected Firmware   Corrected Firmware   Last Updated
DWL-3600AP         v4.2.0.14           v4.2.0.15            07/24/2019
DWL-6600AP         v4.2.0.14           v4.2.0.15            07/24/2019
DWL-8610AP         v4.3.0.10           v4.3.0.10B014C**     07/24/2019

**The DWL-8610AP corrected firmware addresses the #2 vulnerability.

 

Security Patches

 

These updates address the security vulnerabilities in the affected D-Link software package. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

 

To update, we recommend saving your configuration, uninstalling the old package, then installing the new update. Further assistance can be found via chat or email at http://support.dlink.com