Support Announcements
DAP-1520 Rev. Ax FW 1.10B04 / DAP-1522 Rev. Ax FW 1.42 / DIR-816L Rev. Bx FW 2.06.B09 :: End of Support Recommendation for Disclosed Vulnerabiltieis

Overview

 

On February  9, 2019, a report from a security researcher accused the DAP-1520 Rev. Ax  FW 1.10B04 / DAP-1522 Rev. Ax FW 1.42 / DIR-816L Rev. Bx FW 2.06.B09 of potentially having multiple security vulnerabilities.

 

DAP-1520 (EOS: 03/08/2019) / DAP-1522 (EOS: 07/01/2016) / DIR-816L (EOS: 03/01/2016) have reached its End-of-Support ("EOS") / End-of-Life ("EOL") Date. As a general policy, when the product reaches EOS/EOL, it  can no longer be supported, and all firmware development for the product ceases, except in certain unique situations.  In this particular case for DAP-1520, D-Link was able to provide a Beta Patch Release after the EOS/EOL Date.  Please see information and recommendations below. 

 

As a part of our standard process, we accept reports from 3rd parties and then confirm the report across the family of products that could be affected by software or hardware design similarities that are or were shipped under the D-Link brand globally.
 

Third-Party Report

 

         Ace Team :: Loginsoft ::  researchteam _at_ loginsoft _dot_ com

 

                CVE-2020-15892 :: Link :: DAP 1520 :: Buffer overflow in the `ssi` binary, leading to arbitrary command execution.

                CVE-2020-15893 :: Link :: DIR-816L :: Command injection vulnerability in the UPnP via a crafted M-SEARCH packet

                CVE-2020-15894 :: Link :: DIR-816L :: Exposed administration function, allowing unauthorized access to the few sensitive information.

                CVE-2020-15895 :: Link :: DIR-816L :: Reflected XSS vulnerability due to an unescaped value on the device configuration

                                                                              webpage.                 

                CVE-2020-15896 :: Link :: DAP-1522 :: Exposed administration function, allowing unauthorized access to the few sensitive information.

 

Exceptional Beta Patch Release 

 

Released: v1.10b04Beta02 07-13-2020 :: LINK

 

D-Link continues to recommend that for the End Of Support (“EOS”) / End of Life (“EOL”) products , a product owner should retire the EOS/EOL product and replace the EOS/EOL product for an actively supported product.

 

Owners of the DAP-1520 who use this product beyond EOS/EOL, at their own risk, should manually update to the latest firmware. This beta release is a result of investigation based on the understanding of the report and is released after a complete investigation of the entire family of products that may be affected. Releasing firmware after EOS/EOL is not a standard operating procedure.

 

Affected products

 

Model Hardware Revision Affected FW Fixed FW Recommendation  Last Updated
DAP-1520 All Ax Hardware Revisions v1.10B04 & Below
v1.10b04Beta02 EOS Retaire & Replace 07/13/2020
DAP-1522 All Ax Hardware Revisions v1.42 & Below Not Available EOS Retaire & Replace 07/21/2020
DIR-816L All Bx Hardware Revisions v12.06.B09 & Below Not Available EOS Retaire & Replace 07/21/2020

 

Recommendation for End of Support Life Products

 

From time to time, D-Link will decide that some of its products have reached End of Support ("EOS") / End of Life (“EOL”). D-Link may choose to EOS/EOL a product due to evolution of technology, market demands,  new innovations, product efficiencies based on new technologies, or the product matures over time and should be replaced by functionally superior technology.

 

For US Consumer

 

If a product has reached End of Support ("EOS") / End of Life ("EOL"), there is normally no further extended support or development for it. Once a product reaches its EOL/EOS date, it is transferred to  https://legacy.us.dlink.com/

 

Typically for these products, D-Link will be unable to resolve device or firmware issues since all development and customer support has ceased. 


This DAP-1520 is an exceptional circumstance in which D-Link is able to provide a Beta Patch Release. However, D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it. If US consumers continue to use the DAP-1520 against D-Link's recommendation, please make sure the device has the most recent firmware from https://legacy.us.dlink.com/ installed, make sure you frequently update the device's unique password to access its web-configuration, and always have WIFI encryption enabled with a unique password.