Support Announcements
(non-US) DSL-GS225 :: H/W Rev. J1 :: FW AU_1.0.4 : CVE-2020-6765 :: Authenticated Command Injection

 

Overview
 

 

On January 8, 2020, D-Link became aware of a security-related issue reported by a third party against the DSL-GS225 DSL gateway, which is primarily sold in Australia and not in the United States. The reported issue is an authenticated command injection that could be leveraged for further malicious attacks.
 

D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. 

 

 

Disclosure

 

3rd Party:

Nizam Abdallah :: research _at_ btlabs _dot_ com _dot_ au

Binary Technology Labs Pty. Ltd.

 

 

CVE-2020-6765 :: Authenticated Command Injection

 

 

 
Affected Products

 

DSL-GS225  :: Hardware Revision J1 : Firmware Revision : AU_1.0.4

 

| Model | HW Rev. | Region | Affected FW | Fixed FW | Recommendation | Info Last Update |
|---|---|---|---|---|---|---|
| DSL-GS225 | All HW Rev Jx | Non-US, Australia | AU_1.0.4 and below | v1.05 Hotfix | Please download & Update | 04/09/2020 |

 

Security patch for your D-Link Devices


This firmware update addresses security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.