Overview
On January 8,2020, D-Link became aware of a security-related issue by a 3rd party that accused the DSL-GS225 DSL gateway, primarily sold in Australia and not in United States,. This research reported was an authenticated command Injection that could be used to elevate to further malicious attacks.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
Disclosure
3rd Party:
Nizam Abdallah :: research _at_ btlabs _dot_ com _dot_ au
Binary Technology Labs Pty. Ltd.
CVE-2020-6765 :: Authenticated Command Injection
Affected Products
DSL-GS225 :: Hardware Revision J1 : Firmware Revision : AU_1.0.4
| Model |
HW Rev. |
Region |
Affected FW |
Fixed FW |
Recommendation |
Info Last Update |
| DSL-GS225 |
All HW Rev Jx
|
Non-US
Austrailia
|
AU_1.0.4 and below |
v1.05 Hotfix
|
Please download & Update
|
04/09/2020 |
Security patch for your D-Link Devices
This firmware is an update security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install this relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.