Support Announcement
DIR-818Lx Rev Bx / DIR-822 Rev Bx & Cx / DIR-823 Rev Ax / DIR-859 Rev Ax / DIR-865L Rev Ax / DIR-868L Rev Ax & Bx / DIR-869 Rev Ax / DIR-880L Rev Ax / DIR-885L Rev Ax / DIR-890L Rev Ax / DIR-895L Rev Ax :: CVE-2019-17621 :: Unauthenticated remote command execution (RCE) :: CVE-2019-20213 :: Information Disclosure :: CVE-2019-20215/20216/20217 :: RCE via UPnP ssdpcgi() LAN-side vulnerabilities

Overview


This announcement is an extension of a third-party report involving the DIR-859 Rev. Ax. D-Link confirmed the report and released patches (HERE); the findings were publicly disclosed as CVE-2019-17621 (HERE) and CVE-2019-20213 (HERE).

 

On November 5, 2019, the same third party reported that their original findings and the related public disclosures CVE-2019-20215 (HERE), CVE-2019-20216 (HERE), and CVE-2019-20217 (HERE) may also affect other devices. D-Link investigated and confirmed the following through its security process:

 

  • DIR-818Lx Bx firmware v2.05b03_Beta08
  • DIR-822 Cx firmware v3.12b04
  • DIR-822 Bx firmware v2.03b01
  • DIR-823 Ax firmware v1.00b06_Beta
  • DIR-859 Ax firmware v1.06b01_Beta01
  • DIR-865L Ax firmware v1.07.b01
  • DIR-868L Ax firmware v1.12b04
  • DIR-868L Bx firmware v2.05b02
  • DIR-869 Ax firmware v1.03b02_Beta02
  • DIR-880L Ax firmware v1.08b04
  • DIR-890L Ax firmware v1.11b01_Beta01
  • DIR-885L Ax firmware v1.12b05
  • DIR-895L Ax firmware v1.12b10

 

The original vulnerabilities, filed under CVE-2019-17621 (unauthenticated remote command execution) and CVE-2019-20213 (information disclosure), concern the DIR-859 Rev. Ax firmware: an unauthenticated attacker reachable from the device's LAN-side (in-home) network may execute commands on the device. Additional related research, filed under CVE-2019-20215, CVE-2019-20216, and CVE-2019-20217, reported unauthenticated command execution via the firmware's ssdpcgi() CGI handler. These issues are LAN-side, so the attacker must already be on the local network or able to reach it through a host on that network; a device whose UPnP handling is exposed beyond the LAN should be treated as reachable from wherever that exposure extends.

 

Many of the models listed in these reports have reached their End of Support ("EOS") / End of Life ("EOL") life-cycle dates. As a general policy, once a product reaches EOS/EOL it can no longer be supported, and all firmware development for the product ceases, except in certain unique situations. In these exceptional EOS/EOL cases, D-Link was able to provide a Firmware Beta Patch Release after the EOS/EOL date. Please see the information and recommendations below.

 
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.

 

Third-Party Report


     Miguel Mendez Z. — (s1kr10s) - Research Center at Telefónica Chile

     Pablo Pollanco — (secenv)  - Research Center at Telefónica Chile   

 

CVE-ID Public Disclosure

 

  • CVE-2019-17621  UPnP /gena.cgi in D-Link DIR-859 firmware v1.05 & v1.06B01 Beta01 allows unauthenticated command execution
  • CVE-2019-20213  D-Link DIR-859 firmware v1.07b03_beta allows unauthenticated information disclosure
  • CVE-2019-20215  D-Link DIR-859 firmware v1.05 & v1.06B01 Beta01 devices allow unauthenticated command execution (via ssdpcgi())
  • CVE-2019-20216  D-Link DIR-859 firmware v1.05 & v1.06B01 Beta01 devices allow unauthenticated command execution (via ssdpcgi())
  • CVE-2019-20217  D-Link DIR-859 firmware v1.05 & v1.06B01 Beta01 devices allow unauthenticated command execution (via ssdpcgi())

 

Affected Products 

 

There is a mix of End-Of-Service Life products and active Life-Cycle products regarding this security issue. Please see below for End-of-Service Life products.

 

For active products, close this issue by downloading the fixed firmware below and installing it through the device's web-configuration GUI.

 

Model | HW Rev. | Region | Affected FW | Fixed FW | Recommendation | Last Update | EoS/EoL Info
DIR-818Lx | All Bx Revisions | US | v2.05b03_Beta08 & older | v2.06b02 Hotfix | Please download & upgrade | 01/20/2020 | Legacy
DIR-822 | All Bx Revisions | Non-US | v2.03b01 & older | v2.04b02beta01 Hotfix | Please download & upgrade | 01/22/2020 | Not Applicable
DIR-822 | All Cx Revisions | US | v3.12b04 & older | v3.15b03 Hotfix | Please download & upgrade | 11/22/2019 | None/Active SKU
DIR-823 | All Ax Revisions | Non-US | v1.00b06_Beta & older | v1.03b03betab01 Hotfix | Please download & upgrade | 12/27/2019 | Not Applicable
DIR-859 | All Ax Revisions | US | v1.06b01Beta01 & older | v1.07b03 beta Hotfix | Please download & upgrade | 11/23/2019 | Legacy
DIR-865L | All Ax Revisions | US | v1.07b01 & older | EOL / Not Supported | Please see below | 11/23/2019 | Legacy
DIR-868L | All Ax Revisions | US | v1.12b04 & older | v1.20b07 Hotfix | Please download & upgrade | 12/06/2019 | Legacy
DIR-868L | All Bx Revisions | Non-US | v2.05b02 & older | v2.20b02beta01 Hotfix | Please download & upgrade | 12/18/2019 | Not Applicable
DIR-869 | All Ax Revisions | US | v1.03b02Beta02 & older | v1.04b03beta01 Hotfix | Please download & upgrade | 12/23/2019 | None/Active SKU
DIR-880L | All Ax Revisions | US | v1.08b04 & older | v1.20b03beta01 Hotfix | Please download & upgrade | 01/06/2020 | Legacy
DIR-890L/R | All Ax Revisions | US | v1.11b01_Beta01 & older | v1.21b04_Hotfix | Please download & upgrade | 01/13/2020 | Legacy
DIR-885L/R | All Ax Revisions | US | v1.12b05 & older | v1.21b03_Hotfix | Please download & upgrade | 12/09/2019 | Legacy
DIR-895L/R | All Ax Revisions | US | v1.12b10 & older | v1.21b05_Hotfix | Please download & upgrade | 12/16/2019 | Legacy

 

Note: Some routers must be updated twice to close this security issue. If the downloaded ZIP file for the fixed firmware contains two firmware .BIN files, the two-step update is required. First, update the device from the device web GUI using {Model-Device-Firmware}_middle_STEP_01.bin. Second, once the device has rebooted, update it again from the web GUI using {Model-Device-Firmware}_STEP_02.bin. Do not skip the first step or flash the files in the reverse order; confirm the running version in the web GUI after the second step matches the fixed firmware listed in the table.
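For anyone triaging a fleet of these routers, the practical question is whether a given model, hardware revision and running firmware string falls inside the "& older" range in the table above, and in which order a two-file ZIP must be flashed. The following is an added example written for this page, not D-Link code or tooling. It transcribes the table into a lookup, parses D-Link's version strings (v1.06b01Beta01, v2.05b03_Beta08, v1.07.b01, v1.21b04_Hotfix, and a bare v1.05 as named in the CVE entries) into comparable tuples, and orders the STEP_01/STEP_02 files. The ZIP member names used in the usage section are constructed placeholders, not real download file names.

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example, not D-Link code. Transcribed from the advisory table above:
# (model, hardware revision letter) -> (highest affected build, fixed build).
# None for the fixed build means EOL / no fix published.
ADVISORY: Dict[Tuple[str, str], Tuple[str, Optional[str]]] = {
    ("DIR-818L", "B"): ("v2.05b03_Beta08", "v2.06b02"),
    ("DIR-822", "B"):  ("v2.03b01", "v2.04b02beta01"),
    ("DIR-822", "C"):  ("v3.12b04", "v3.15b03"),
    ("DIR-823", "A"):  ("v1.00b06_Beta", "v1.03b03betab01"),
    ("DIR-859", "A"):  ("v1.06b01Beta01", "v1.07b03 beta"),
    ("DIR-865L", "A"): ("v1.07b01", None),
    ("DIR-868L", "A"): ("v1.12b04", "v1.20b07"),
    ("DIR-868L", "B"): ("v2.05b02", "v2.20b02beta01"),
    ("DIR-869", "A"):  ("v1.03b02Beta02", "v1.04b03beta01"),
    ("DIR-880L", "A"): ("v1.08b04", "v1.20b03beta01"),
    ("DIR-890L", "A"): ("v1.11b01_Beta01", "v1.21b04_Hotfix"),
    ("DIR-885L", "A"): ("v1.12b05", "v1.21b03_Hotfix"),
    ("DIR-895L", "A"): ("v1.12b10", "v1.21b05_Hotfix"),
}

# Only "major.minor" and the bNN build number order D-Link releases;
# "Beta"/"Hotfix" suffixes are labels. A bare "v1.05" is treated as build 0.
_VERSION = re.compile(r"v?(\d+)\.(\d+)(?:\.?b(\d+))?", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, build); raise on anything not in D-Link's format."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"unrecognised D-Link firmware version: {text!r}")
    major, minor, build = m.groups()
    return int(major), int(minor), int(build or 0)


def _key(model: str, hw_rev: str) -> Tuple[str, str]:
    # "DIR-890L/R" and "DIR-818Lx" collapse to the base model; "B1" -> "B".
    base = model.upper().split("/")[0].rstrip("X")
    return base, hw_rev.strip().upper()[:1]


def check(model: str, hw_rev: str, running: str) -> str:
    """Classify as not_listed, not_affected, affected or affected_no_fix."""
    key = _key(model, hw_rev)
    if key not in ADVISORY:
        return "not_listed"
    affected_max, fixed = ADVISORY[key]
    # The table marks "<affected build> & older" as affected; anything newer
    # is outside the advisory's stated range (still verify against the fixed build).
    if parse_version(running) > parse_version(affected_max):
        return "not_affected"
    return "affected" if fixed else "affected_no_fix"


def fixed_firmware(model: str, hw_rev: str) -> Optional[str]:
    """Fixed build from the table, or None if EOL or not listed."""
    return ADVISORY.get(_key(model, hw_rev), (None, None))[1]


def update_order(zip_members: List[str]) -> List[str]:
    """Return the .bin members in flashing order: STEP_01 first, then STEP_02."""
    bins = [n for n in zip_members if n.lower().endswith(".bin")]
    if len(bins) <= 1:
        return bins

    def step(name: str) -> int:
        m = re.search(r"step_(\d+)", name, re.IGNORECASE)
        if m is None:
            raise ValueError(f"multi-file package but {name!r} has no STEP_nn marker")
        return int(m.group(1))

    return sorted(bins, key=step)


if __name__ == "__main__":
    # Constructed inventory rows, not real data.
    for model, rev, fw in [("DIR-859", "A1", "v1.05"),
                           ("DIR-859", "A1", "v1.07b03 beta"),
                           ("DIR-865L", "A1", "v1.07b01"),
                           ("DIR-890L/R", "A1", "v1.21b04_Hotfix"),
                           ("DIR-655", "B1", "v2.11b01")]:
        print(model, rev, fw, "->", check(model, rev, fw), fixed_firmware(model, rev))
    # Constructed ZIP member names following the {Model-Device-Firmware} pattern above.
    print(update_order(["readme.txt", "DIR-XXXX_FW_STEP_02.bin",
                        "DIR-XXXX_FW_middle_STEP_01.bin"]))
```

The comparison deliberately ignores the Beta and Hotfix suffixes: the table orders releases by major.minor and build number, and a "beta" hotfix (v1.07b03 beta for the DIR-859) is still newer than the last affected build. A device that parses as not_affected but is running something other than the listed fixed build should still be re-checked by hand, since the advisory only states the affected range and the fix, not every intermediate build.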

 

Recommendation for End of Support Life Products

 

 

From time to time, D-Link will decide that some of its products have reached End of Support ("EOS") / End of Life ("EOL"). D-Link may choose to EOS/EOL a product due to the evolution of technology, market demands, innovations, product efficiencies based on new technologies, or because the product has matured over time and should be replaced by functionally superior technology.


 

For US Consumers

 

If a product has reached End of Support ("EOS") / End of Life ("EOL"), there is usually no further extended support or development for it. Once a product reaches its EOL/EOS date, all files posted for the device are moved to https://legacy.us.dlink.com/ as the final information archive for the device.

 

Typically for these products, D-Link will not resolve device or firmware issues since all development and customer support have ceased.