Overview
On July 7, 2020, D-Link was made aware of a Command Injection Vulnerability report by Swing of Chaitin Security Research Lab affecting the D-Link Network Attached Storage (NAS): DNS-320 Revision Ax. This disclosure is referenced as CVE-2020-25506.
All US consumers using the DNS-320 hardware revision Ax are recommended to immediately retire and replace the device.
The DNS-320 Rev. Ax reached its End-of-Support Date in 2018 in the US; it is no longer supported, and firmware development has ceased. Further recommendations are below.
Report
Weiming Shi :: Swing of Chaitin Security Research Lab :: weiming.shi _at_ chaitin _dot_ com
CVE-2020-25506
Public Disclosure: https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675
Affected Models
| Model | H/W Version | Latest F/W Version | Actions to take |
|---|---|---|---|
| DNS-320 | Ax | 2.06b01Beta | Disable the Internet connection to NAS (See Below) |
Recommendation for End of Service Life Products
While D-Link is aware of the alleged vulnerabilities involving the DNS-320, these products have reached End of Life (EoL)/End of Support (EoS), and there is no extended support or development for them.
D-Link will be unable to resolve Device or Firmware issues since all development and customer support have ceased.
From time to time, D-Link will decide that certain of its products have reached EOL. D-Link may choose to EoL a product for many reasons, including a shift in market demands, technology innovation, costs or efficiencies based on new technologies, or because the product has matured over time and been replaced by functionally superior technology.
For US consumers, the recommendation is that EOL/EOS D-Link brand products sold by D-Link in the US be retired; any further use may be a risk to devices connected to it and end-users connected to it. If US consumers continue to use these products against D-Link's recommendation, please make sure the device has the most recent firmware from https://legacy.us.dlink.com/ installed, make sure you frequently update the device's unique password to access its web-configuration, and always have Wi-Fi encryption enabled with a unique password.