D-Link Technical Support

Home Support Forums Security Advisories Shop English | French

Support Announcement

(non-US) DIR-610 :: Ax :: Multiple Vulnerabilities on End of Service Life Product

Overview

On June 30 2020, a report from a 3rd-party security researcher accused the DIR-610 Hardware Revision Ax of multiple severe security vulnerabilities.

This product was distributed in Central America, and South America, and not in the Unitied States.

All consumers still using the product should immediately retire and replace the device.

The DIR-610 Rev. Ax reached its End-of-Support Date in 2014 , it is no longer supported, and firmware development has ceased, further recommendations below.

As a part of our standard process, we accept reports from 3rd parties and then confirm the report across the family of products that could be affected by software or hardware design similarities that ship under the D-Link brand globally.

Third-Party Report

Heitor Gouvêa :: hi _at_ heitorgouvea _dot_ me

PoC Video: https://www.youtube.com/watch?v=qiG7YFWqG18

Exploit 1: CVE-2020-9376 : Dump Credentials: https://gist.github.com/GouveaHeitor/dcbb67b301cc45adc00f8a6a2a0a590f

Exploit 2: CVE-2020-9377 : Authenticated RCE: https://gist.github.com/GouveaHeitor/131557f9de7d571f118f59805df852dc

Recommendation for End of Service Life Products

While D-Link is aware of the alleged vulnerabilities involving the DIR-610 These products have reached End of Life(EoL)/End of Support(EoS), and there is no extended support or development for them.

D-Link will be unable to resolve Device or Firmware issues since all development and customer support has ceased.

From time to time, D-Link will decide that sure of its products have reached EOL. D-Link may choose to EoL a product for many reasons, including the shift in market demands, technology innovation, costs or efficiencies based on new technologies, or the product matures over time and is replaced by functionally superior technology.

Once a product is identified as EoL, D-Link will provide the dates for which the support and service for that product will no longer be available.

For US consumers,for EOL/EOS products the recommendation D-Link brand products sold by D-Link in the US be retired, and any further use may be a risk to devices connected to it and end-users connected to it. If US consumers continue to use these products against D-Link's recommendation, please make sure the device has the most recent firmware from https://legacy.us.dlink.com/, installed, make sure you frequently update the device's unique password to access its web-configuration and always have WiFI encryption enabled with a unique password.