• Home Support Forums Security Advisories Shop     English | French
Support Announcement
DAP-2610 :: Rev. Ax :: FW v2.01RC067 & Below :: CVE-2020-8862 :: Authentication bypass with escalation to RCE


On February 5, 2020, Trend Micro's Zero Day Initiative (ZDI) research team submitted a Comparison Authentication Bypass Vulnerability that may result in a Remote Code Execution (RCE) Security Vulnerability report that affects the DAP-2610 Hardware Revision Ax This vulnerability allowed an malicious user to affect the device that could cause the device to malfunction or disclose information.

3rd Party Report information

          - Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI

          - Reference


            ZDI-CAN-10082: D-Link DAP-2610 Router login Incorrect Comparison Authentication Bypass Vulnerability

            Web: https://www.digitalmunition.me/d-link-dap-2610-router-login-incorrect-comparison-authentication-bypass-vulnerability/



 Affected Models


Model Hardware Revision Affected FW Fixed FW Recommendation  Last Updated
DAP-2610 All Ax Hardware Revisions v2.01RC067 & Below v2.01_K2HE_HOTFIX Beta 12/26/2019


Regarding Security patch for your D-Link Devices
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.