Support Announcements
(non-US) DSL-GS225 :: H/W Rev. J1 :: FW AU_1.0.4 : CVE-2020-6765 :: Authenticated Command Injection




On January 8,2020, D-Link became aware of a security-related issue  by a 3rd party that accused the DSL-GS225 DSL gateway, primarily sold in Australia and not in United States,. This research reported was an authenticated command Injection that could be used to elevate to further malicious attacks.

D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. 





3rd Party:

Nizam Abdallah :: research _at_ btlabs _dot_ com _dot_ au

Binary Technology Labs Pty. Ltd.



CVE-2020-6765 :: Authenticated Command Injection



Affected Products


DSL-GS225  :: Hardware Revision J1 : Firmware Revision : AU_1.0.4


Model HW Rev. Region Affected FW Fixed FW Recommendation Info Last Update
DSL-GS225 All HW Rev Jx



AU_1.0.4 and below v1.05 Hotfix
Please download & Update


Security patch for your D-Link Devices

This firmware is an update security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install this relevant updates.


As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.