Support Announcements
Mozi P2P Botnet :: Accused Product Firmware Patches :: Command Execution and UPnP Security Vulnerabilities


On December 23, 2019, the following products were accused of being affected by the Mozi Botnet: D-Link DAP-1522 Rev. Bx, DIR-300 Rev. Bx, DIR-600 Rev. Bx, DIR-629 Rev. Ax, DIR-645 Rev. Ax, DIR-815 Rev. Ax, DIR-816L Rev. Ax & Bx, DIR-817Lx Rev. Ax, DIR-818Lx Rev. Ax & Bx, DIR-820L Rev. Ax, DIR-825 Rev. Ax, DIR-850L Rev. Ax & Bx, DIR-860L Rev. Ax, DIR-865L Rev. Ax, DIR-868L Rev. Ax, DIR-880L Rev. Ax, and DIR-890L/R Rev. Ax models.
The disclosure reports that Mozi uses two exploits against these devices, both of which were fixed prior to 2015. We reference the available fixes below.

United States Consumer Notice
Many of these devices are beyond End-of-Service Life (EOL) and are no longer supported by D-Link. D-Link recommends that you retire EOL products and upgrade to currently available products that are receiving software/firmware updates. If owners of these products choose to continue using them at their own risk, against D-Link US's recommendation, ensure you update to the last known firmware archive that has been moved to


D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.


Zhang Wei (Qihoo360 ADLAB) :: CVE-2015-2051 :: HNAP SOAPAction-Header Command Execution (Here)
Samuel Huntley :: Exploit-DB (Here) :: UPnP SOAP TelnetD Command Execution


Affected Product

This section covers both End-of-Service Life products and active products affected by this security issue. Please see below for recommendations for End-of-Service Life products.


For active products, you can close this issue by downloading the patch and upgrading the device through the device web-configuration GUI.



HW Rev   Affected FW   Fixed FW   Current FW Recommend   Last Updated

DAP-1522 B1 v2.01B01 & older  EOL Please See Below 04/25/2015
DIR-300 B1 Non-US v2.15B01 & older N/A See 04/25/2015
DIR-600 B1 US v2.17B02 & older  EOL Please See Below 04/25/2015
DIR-601 B1 US v2.02B02 & older    2.02.BETA01B01   11/20/2015
DIR-629 A1 v1.01 & older N/A See 04/25/2015
DIR-645 A1 US v1.05b01 & older  EOL Please See Below 07/17/2015
DIR-815 B1 US v2.04b01 & older   EOL Please See Below 07/17/2015
DIR-816L A1 US v1.00 & older   EOL Please See Below 04/23/2015
DIR-816L B1 US v2.05B02 & older  EOL Please See Below 04/22/2015
DIR-817Lx A1 US v1.04B01 & older  v1.04B04beta   04/22/2015
DIR-818Lx A1 US v2.05 & older  v2.06b01   04/21/2015
DIR-818Lx B1 US v2.05 & older  v2.06b01   04/21/2015
DIR-820Lx B1 US v2.01 & older  v2.03b01   04/24/2015
DIR-825 Cx US v3.01 & older v3.01b12 EOL Please See Below 07/23/2015
DIR-850L Ax US v1.13B01 & older  v1.21B08_WW   09/08/2016
US v2.05B01 & older v2.07B05 v2.22B03_WW
DIR-860L Ax US v1.10B04 & older v1.11b01_Hotfix EOL Please See Below 04/24/2015
DIR-860L Bx US v2.03B03 & older v2.04b04_Hotfix EOL Please See Below 04/24/2015
DIR-865L A1 US v1.07B01 & older EOL Please See Below 04/24/2015
DIR-868L A1 US v1.10B03 & older  v1.20b01_Beta   07/17/2015
DIR-880L A1 US v1.04B01 & older  v1.20b02_Beta01   07/17/2015
A1 US v1.06B04 & older  v1.21b02_Beta   07/17/2015


Security patch for your D-Link Devices

This firmware update addresses security vulnerabilities in affected D-Link devices. D-Link will update it continually, and we strongly recommend that all users install the relevant updates.


As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.
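The table above can be applied to a device inventory mechanically. The following Python is an added example, not D-Link code, that flags devices whose installed firmware is at or below the "& older" threshold for their model and hardware revision. The version-string format it parses, the rule for missing build numbers, and the inventory rows are assumptions made for the example, and only a subset of the table rows is included.

```python
import re

# "<version> & older" thresholds copied from the advisory table; only rows
# whose model, hardware revision and threshold are unambiguous are included.
AFFECTED_UP_TO = {
    ("DIR-645", "A1"): "v1.05b01",
    ("DIR-816L", "A1"): "v1.00",
    ("DIR-816L", "B1"): "v2.05B02",
    ("DIR-868L", "A1"): "v1.10B03",
}
# Assumed format: optional "v", major.minor, optional B/b build number;
# suffixes such as "_Beta" or "_WW" are ignored.
_FW = re.compile(r"^\s*v?(\d+)\.(\d+)(?:b(\d+))?", re.IGNORECASE)

def parse_fw(text):
    m = _FW.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, build = m.groups()
    return int(major), int(minor), None if build is None else int(build)

def is_affected(model, hw_rev, firmware):
    # True/False per the table; None when the model/revision is not listed.
    limit = AFFECTED_UP_TO.get((model.upper(), hw_rev.upper()))
    if limit is None:
        return None
    dev, lim = parse_fw(firmware), parse_fw(limit)
    if dev[:2] != lim[:2]:
        return dev[:2] < lim[:2]
    # Same release: a missing build number counts as affected (assumption).
    if dev[2] is None or lim[2] is None:
        return True
    return dev[2] <= lim[2]

def audit(inventory):
    # Report every device that is affected or cannot be judged from the table.
    report = []
    for host, model, hw_rev, fw in inventory:
        verdict = is_affected(model, hw_rev, fw)
        if verdict is not False:
            report.append((host, "affected" if verdict else "not in table"))
    return report

# Constructed inventory: host names and installed versions are made up.
SAMPLE = [
    ("ap-lobby", "DIR-645", "A1", "v1.04b12"),
    ("rtr-lab", "DIR-868L", "A1", "v1.20b01_Beta"),
    ("rtr-old", "EXAMPLE-1", "C1", "v5.10"),
]
```

Devices reported as "not in table" still need a manual check against the full advisory, including the hardware revision printed on the product label.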



Recommendation for End of Service Life Products


While D-Link is aware of the alleged vulnerabilities involving these products, some have reached End of Life (EoL)/End of Support (EoS), and there is no longer support or development for them. Once a product is past its EoL/EoS date, which is stated on its product support page or has been transferred to,


Since this botnet is utilizing older security vulnerabilities, most products have already been patched; however, D-Link will be unable to resolve any further device or firmware issues, since all development and customer support has ceased.

From time to time, D-Link will decide that certain of its products have reached EoL. D-Link may choose to EoL a product for many reasons, including shift in market demands, technology innovation, costs or efficiencies based on new technologies, or the product simply matures over time and is replaced by functionally superior technology.


Once a product is identified as EoL, D-Link will provide the dates for which the support and service for that product will no longer be available.


For US consumers, D-Link recommends this product be retired; any further use may be a risk to devices connected to it and end-users connected to it. If US consumers continue to use the product against D-Link's recommendation, please make sure the device has the most recent firmware from, installed, make sure you frequently update the device's unique password to access its web-configuration, and always have WiFi encryption enabled with a unique password.


While this is an established part of a product’s overall life cycle, D-Link understands that EOL of a product may affect an end-user’s decision to continue to use the product. The chart in the link below outlines D-Link's EOL Policy to help customers better manage their end-of-life transition and to help D-Link better understand its role in helping our customers migrate to alternative D-Link products and technology.


D-Link’s End-of-Life Policy can be found here: