Support Announcements
DIR-818Lx Rev Bx / DIR-822 Rev Bx & Cx / DIR-823 Rev Ax / DIR-859 Rev Ax / DIR-865L Rev Ax / DIR-868L Rev Ax & Bx / DIR-869 Rev Ax / DIR-880L Rev Ax / DIR-885L Rev Ax / DIR-890L Rev Ax / DIR-895L Rev Ax :: CVE-2019-17621 :: Unauthenticated remote command execution (RCE) :: CVE-2019-20213 :: Information Disclosure :: CVE-2019-20215/20216/20217 :: RCE via UPnP ssdpcgi() LAN-side vulnerabilities

 

Overview

 

This announcement is an extension of CVE-2019-17621 and CVE-2019-20213, which were reported to and confirmed by D-Link for the DIR-859 Rev. Ax; patches have been released: HERE

 

On November 5, 2019, third party security experts expanded the scope of their report of the DIR-859 to include: DIR-818Lx Bx firmware v2.05b03_Beta08, DIR-822 Cx firmware v3.12b04, DIR-822 Bx firmware v2.03b01, DIR-823 Ax firmware v1.00b06_Beta, DIR-859 Ax firmware v1.06b01_Beta01, DIR-865L Ax firmware v1.07.b01, DIR-868L Ax firmware v1.12b04, DIR-868L Bx firmware v2.05b02, DIR-869 Ax firmware v1.03b02_Beta02, DIR-880L Ax firmware v1.08b04, DIR-890L Ax firmware v1.11b01_Beta01, DIR-885L Ax firmware v1.12b05, DIR-895L Ax firmware v1.12b10.

 

The original security vulnerabilities, filed under CVE-2019-17621 and CVE-2019-20213 (D-Link's original response can be found here), allowed a malicious user unauthenticated remote command execution on the LAN side (in-home). Additional related research discovered CVE-2019-20215, CVE-2019-20216, and CVE-2019-20217, which are UPnP RCEs in M-SEARCH via the ssdpcgi() CGI interpreter.

 

For this exploit to be carried out, a malicious user would have to have LAN-side (in-home) access to the device, which narrows the risk of an attack considerably. Regardless, we appreciate the 3rd party's report, have confirmed it, and have released patches to close this issue.


D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.

 

Disclosure

3rd Party Security Expertise

- Miguel Mendez Z. — (s1kr10s) - Research Center at Telefónica Chile
- Pablo Pollanco — (secenv) - Research Center at Telefónica Chile

- CVE-2019-17621 ::
  - (English) https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f
  - (English) https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104
  - (Spanish) https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9

- CVE-2019-20213 ::
  - (English) https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f
  - (Spanish) https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03

- CVE-2019-20215 ::
  - (English) https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-rce-in-ssdpcgi-http-st-cve-2019-20215-en-2e799acb8a73
  - (English) https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2019-20215
  - (Spanish) https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-rce-en-ssdpcgi-http-st-cve-2019-20215-es-6ec205f5cf

- CVE-2019-20216 ::
  - (English) https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2019-20216
  - (Spanish) https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-en-remote-port-29820d9f0f58

- CVE-2019-20217 ::
  - (English) https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2019-20217
  - (Spanish) https://medium.com/@s1kr10s/d-link-dir-859-rce-unauthenticated-en-server-id-e11ca6168d35

             

 


Affected Products
 

 

There is a mix of End-Of-Service Life products and active Life-Cycle products regarding this security issue.  Please see below for End-of-Service Life products.

 

For active products, to close this issue, download the patch and upgrade the device through the device web-configuration GUI.

 

 

Model | HW Rev. | Region | Affected FW | Fixed FW | Current FW | Recommendation Info | Last Update
DIR-818Lx | All Bx Revisions | US | v2.05b03_Beta08 & older | Under Development | EOL / Not Supported | Scheduled for 01/20/2020 | 12/26/2019
DIR-822 | All Bx Revisions | Non-US | v2.03b01 & older | Under Development | v2.03b1 | Scheduled for 01/22/2020 | 12/26/2019
DIR-822 | All Cx Revisions | US | v3.12b04 & older | v3.15WWb03** | v3.15WWb03** | Please download & upgrade | 12/26/2019
DIR-823 | All Ax Revisions | Non-US | v1.00b06_Beta & older | Under Development | v1.00b06_Beta | Scheduled for 12/27/2019 | 12/26/2019
DIR-859 | All Ax Revisions | US | v1.06b01Beta01 & older | v1.07b03_beta** | v1.07b03_beta** | Please download & upgrade | 12/26/2019
DIR-865L | All Ax Revisions | US | v1.07b01 & older | EOL / Not Supported | EOL / Not Supported | Please See Below | 12/26/2019
DIR-868L | All Ax Revisions | US | v1.12b04 & older | v1.20b07_jblf_beta** | 1.20b07_jblf_beta** | Please download & upgrade | 12/26/2019
DIR-868L | All Bx Revisions | US | v2.05b02 & older | Under Development | v2.05b02 | Scheduled for 12/27/2019 | 12/26/2019
DIR-869 | All Ax Revisions | US | v1.03b02Beta02 & older | v1.04b03_beta01** | v1.04b03_beta01** | Please download & upgrade | 12/26/2019
DIR-880L | All Ax Revisions | US | v1.08b04 & older | Under Development | v1.20b02Beta01 | Scheduled for 01/06/2020 | 12/26/2019
DIR-890L/R | All Ax Revisions | US | v1.11b01_Beta01 & older | Under Development | v1.21b02Beta | Scheduled for 01/13/2019 | 12/26/2019
DIR-885L/R | All Ax Revisions | US | v1.12b05 & older | v1.21b03** | v1.21b03** | Please download & upgrade | 12/26/2019
DIR-895L/R | All Ax Revisions | US | v1.12b10 & older | v1.21b05** | v1.21b05** | Please download & upgrade | 12/26/2019

 

**Note: Some routers must be updated twice to close this security issue. If you download the fixed firmware and there are two firmware .BIN files in the ZIP file, then the two-step update is required. First, update the device from the Device Web-GUI using {Model-Device-Firmware}_middle.bin. Second, update the device from the Device Web-GUI using {Model-Device-Final-Firmware}.bin.
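The table above lists an "Affected FW & older" ceiling and a fixed build per model and hardware family, and the note describes the two-step update. As an added example (editor's code, not D-Link's), the following script turns those rows into an inventory check: it parses D-Link-style version strings, decides whether a given model / hardware revision / firmware combination falls inside the affected range, and orders the .bin files of a downloaded ZIP for the two-step update. The comparison rule (compare only the major.minor.build base and treat an equal base build as affected, ignoring Beta tags) is an assumption chosen to err on the side of flagging a device; the sample inventory entries and ZIP member names are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Firmware version strings as written in the advisory table, e.g.
# "v2.05b03_Beta08", "v3.15WWb03", "v1.07.b01", "1.20b07_jblf_beta".
# Each is reduced to a base build (major, minor, build); the region tag
# ("WW") and any Beta/tag suffix are matched but not used for ordering.
_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)\.?(?P<region>[A-Za-z]*)b(?P<build>\d+)(?P<suffix>.*)$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, build) for a D-Link firmware version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return (int(m["major"]), int(m["minor"]), int(m["build"]))


@dataclass(frozen=True)
class AdvisoryRow:
    model: str            # as printed in the table ("DIR-890L/R", "DIR-818Lx")
    hw_family: str        # "Ax", "Bx", "Cx": any revision starting with that letter
    affected_max: str     # "Affected FW" column; this build and older are affected
    fixed: Optional[str]  # "Fixed FW" column, or None while Under Development / EOL


# Transcribed from the Affected Products table (only the columns needed here).
ADVISORY: List[AdvisoryRow] = [
    AdvisoryRow("DIR-818Lx", "Bx", "v2.05b03_Beta08", None),
    AdvisoryRow("DIR-822", "Bx", "v2.03b01", None),
    AdvisoryRow("DIR-822", "Cx", "v3.12b04", "v3.15WWb03"),
    AdvisoryRow("DIR-823", "Ax", "v1.00b06_Beta", None),
    AdvisoryRow("DIR-859", "Ax", "v1.06b01Beta01", "v1.07b03_beta"),
    AdvisoryRow("DIR-865L", "Ax", "v1.07b01", None),
    AdvisoryRow("DIR-868L", "Ax", "v1.12b04", "v1.20b07_jblf_beta"),
    AdvisoryRow("DIR-868L", "Bx", "v2.05b02", None),
    AdvisoryRow("DIR-869", "Ax", "v1.03b02Beta02", "v1.04b03_beta01"),
    AdvisoryRow("DIR-880L", "Ax", "v1.08b04", None),
    AdvisoryRow("DIR-890L/R", "Ax", "v1.11b01_Beta01", None),
    AdvisoryRow("DIR-885L/R", "Ax", "v1.12b05", "v1.21b03"),
    AdvisoryRow("DIR-895L/R", "Ax", "v1.12b10", "v1.21b05"),
]


def _model_matches(pattern: str, model: str) -> bool:
    """'DIR-890L/R' covers DIR-890L and DIR-890R; a trailing 'x' (DIR-818Lx)
    stands for any single character, so DIR-818LW matches it."""
    base, *alts = pattern.split("/")
    variants = [base] + [base[: -len(a)] + a for a in alts]
    model = model.upper()
    for v in variants:
        if v.endswith("x"):
            if model.startswith(v[:-1].upper()) and len(model) == len(v):
                return True
        elif model == v.upper():
            return True
    return False


@dataclass(frozen=True)
class Verdict:
    status: str                 # "AFFECTED", "NOT_AFFECTED" or "NOT_LISTED"
    action: str                 # what the advisory asks the owner to do
    fixed: Optional[str] = None


def check_device(model: str, hw_rev: str, firmware: str) -> Verdict:
    """Map one inventory entry (model, HW revision, running firmware) onto the table."""
    for row in ADVISORY:
        if _model_matches(row.model, model) and hw_rev.upper().startswith(row.hw_family[0]):
            # "& older": an equal or lower base build is affected. Beta suffixes are
            # ignored on purpose (assumption) so a same-build device is never marked safe.
            if parse_version(firmware) <= parse_version(row.affected_max):
                if row.fixed:
                    return Verdict("AFFECTED", f"upgrade to {row.fixed}", row.fixed)
                return Verdict("AFFECTED", "no fixed firmware published yet; re-check the advisory")
            return Verdict("NOT_AFFECTED", "running firmware is newer than the affected range")
    return Verdict("NOT_LISTED", "model/revision not covered by this advisory")


def order_update_files(zip_members: List[str]) -> List[str]:
    """Order the .bin images from a fixed-firmware ZIP for the two-step update:
    the *_middle.bin image (if present) first, the final image second."""
    bins = [n for n in zip_members if n.lower().endswith(".bin")]
    middle = [n for n in bins if n.lower().endswith("_middle.bin")]
    final = [n for n in bins if n not in middle]
    if len(middle) > 1 or len(final) != 1:
        raise ValueError(f"unexpected firmware set: {bins}")
    return middle + final


if __name__ == "__main__":
    # Constructed sample inventory (not real devices).
    for entry in [("DIR-859", "A1", "v1.06b01_Beta01"), ("DIR-818LW", "B1", "v2.05b03_Beta08"),
                  ("DIR-822", "C1", "v3.15WWb03"), ("DIR-655", "B1", "v2.00b01")]:
        print(entry, check_device(*entry))
    # Constructed ZIP listing following the {Model-Device-Firmware}_middle.bin pattern.
    print(order_update_files(["README.txt", "DIR-859_A1_FW_1.07b03_beta.bin", "DIR-859_A1_FW_middle.bin"]))
```

Running the script prints one verdict per inventory entry and the install order for the constructed ZIP; feeding it a real device list exported from a network inventory tool is the intended use.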

 

Notice for US consumers:

Beta versions of firmware must meet security spot checks for the issue the Beta version is to address. This allows us to disclose and provide a fix sooner for our technical users who understand how to manually update the device or can call our customer care center for further help. A fully qualified firmware will come at a later time that meets the full suite of quality and security software testing we maintain under the D-Link Systems, Inc. Comprehensive Software Security program.

 

Security patch for your D-Link Devices


This firmware is an update that addresses security vulnerabilities in affected D-Link devices. D-Link will update this page continually, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check the revision on your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.

 

Recommendation for End of Service Life Products

 

D-Link is aware of the alleged vulnerabilities involving some products that have reached End of Life (EoL)/End of Support (EoS); there is no longer support or development for them. Once a product is past its EoL/EoS date, which is stated on its product support page, or has been transferred to https://legacy.us.dlink.com/, D-Link will be unable to resolve device or firmware issues since all development and customer support has ceased.


From time to time, D-Link will decide that certain of its products have reached EoL. D-Link may choose to EoL a product for many reasons, including shift in market demands, technology innovation, costs or efficiencies based on new technologies, or the product simply matures over time and is replaced by functionally superior technology.

 

Once a product is identified as EoL, D-Link will provide the dates for which the support and service for that product will no longer be available.

 

For US consumers, D-Link recommends that this product be retired; any further use may be a risk to devices connected to it and to end-users connected to it. If US consumers continue to use the product against D-Link's recommendation, please make sure the device has the most recent firmware from https://legacy.us.dlink.com/ installed, make sure you frequently update the device's unique password for access to its web-configuration, and always have WiFi encryption enabled with a unique password.

 

While this is an established part of a product’s overall life cycle, D-Link understands that EOL of a product may affect an end-user’s decision to continue to use the product. The chart in the link below outlines D-Link's EOL Policy to help customers better manage their end-of-life transition and to help D-Link better understand its role in helping our customers migrate to alternative D-Link products and technology.

 

D-Link’s End-of-Life Policy can be found here: https://support.dlink.com/EndOfLifePolicy.aspx