D-Link has been informed of a vulnerability called BLURtooth that could potentially allow key overwrite attacks on devices supporting both Bluetooth BR/EDR and LE that use Cross-Transport Key Derivation (CTKD). D-Link immediately investigated and confirmed that D-Link products are not affected by this vulnerability.
D-Link’s Bluetooth-enabled products use a proprietary encryption mechanism as a security measure. Additionally, the products use Bluetooth only during initial product setup, after which it is closed. Therefore, D-Link confirms that its products are not affected by BLURtooth. As soon as Bluetooth SIG has updates, D-Link will upgrade its products accordingly to ensure the safety and privacy of its products and users.
References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802
- https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709
- https://www.kb.cert.org/vuls/id/589825