Overview
On February 5, 2020, Trend Micro's Zero Day Initiative (ZDI) research team submitted a Comparison Authentication Bypass Vulnerability that may result in a Remote Code Execution (RCE) Security Vulnerability report that affects the DAP-2610 Hardware Revision Ax This vulnerability allowed an malicious user to affect the device that could cause the device to malfunction or disclose information.
3rd Party Report information
- Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI
- Reference
CVE-2020-8862
ZDI-CAN-10082: D-Link DAP-2610 Router login Incorrect Comparison Authentication Bypass Vulnerability
Web: https://www.digitalmunition.me/d-link-dap-2610-router-login-incorrect-comparison-authentication-bypass-vulnerability/
Affected Models
| Model |
Hardware Revision |
Affected FW |
Fixed FW |
Recommendation |
Last Updated |
| DAP-2610 |
All Ax Hardware Revisions |
v2.01RC067 & Below |
v2.01_K2HE_HOTFIX |
Beta |
12/26/2019 |
Regarding Security patch for your D-Link Devices
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.