Support Announcement
DCS-960L :: All Revisions :: End of Support / End of Life Product :: Reporting Multiple Vulnerabilities

 

 Important Notice

If you purchased this product in the US after June 5, 2020 please contact D-Link US Customer Care for Replacement

1-877-453-5465  - or - E-Mail: support@dlink.com  - or -  Chat : https://support.dlink.com/

 

Overview

 

On June 6, 2020, a 60-Day End-of-Service-Life ("EOS") Notice was provided to the public. D-Link sent the EOS notice via e-mail. The EOS notice was posted on http://support.dlink.com and http://mydlink.com/support. The EOS notice was also sent to the mobile application that owners use to interact with the camera.


On July 20, 2020, a 3rd party security research team, Trend Micro's Zero Day Initiative (ZDI), submitted a series of four (4) reports describing four (4) security vulnerabilities in the DCS-960L Hardware Revision A with firmware v1.09.02.

 

The DCS-960L reached its End of Support ("EOS") / End of Life ("EOL") date on 08/07/2020. As a general policy, when a product reaches EOS/EOL it can no longer be supported, and all firmware development for the product ceases, except in certain unique situations.

 

Any US consumer who purchased the device between 06/06/2020 and 08/07/2020 should contact us at one of the points above, and we will exchange the camera for a current mydlink IP Camera of a similar or better model.

 

As a part of our standard process, we accept reports from 3rd parties and then confirm the report across the family of products that could be affected by software or hardware design similarities or shipped under the D-Link brand globally.

 

 3rd Party Report Information (Ordered by Date of Submission):


          - Reports provided:
chung96vn of Vietnam's NCSC working with Trend Micro's Zero Day Initiative (ZDI) :: zdi-disclosures _at_ trendmicro _dot_ com

                   - Vulnerability A : 07/20/2020 : ZDI-CAN-11360 : HNAP Cookie Format String Remote Code Execution Vulnerability
                   - Vulnerability B : 07/21/2020 : ZDI-CAN-11352 : HNAP Credentials Incorrect Implementation of Authentication Algorithm Bypass Vulnerability
                   - Vulnerability C : 07/22/2020 : ZDI-CAN-11366 : HNAP Login Cookie Format String Remote Code Execution Vulnerability
                   - Vulnerability D : 07/29/2020 : ZDI-CAN-11359 : HTTP Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability

Affected Models

 

Model    | Hardware Revision      | Affected FW      | Last Updated
DCS-960L | All Hardware Revisions | v1.09.02 & Below | 01/15/2020

 

Recommendation for End of Support Life Products

 

From time to time, D-Link will decide that some of its products have reached End of Support ("EOS") / End of Life ("EOL"). D-Link may choose to EOS/EOL a product due to the evolution of technology, market demands, innovations, product efficiencies based on new technologies, or because the product has matured over time and should be replaced by functionally superior technology.

 

For US Consumers:

 

If a product has reached End of Support ("EOS") / End of Life ("EOL"), there is usually no further extended support or development for it. Once a product reaches its EOL/EOS date, it is transferred to https://legacy.us.dlink.com/

 

Typically for these products, D-Link will not resolve device or firmware issues since all development and customer support have ceased. 

 

D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it. If US consumers continue to use the DCS-960L against D-Link's recommendation, please make sure the device has the most recent firmware from https://legacy.us.dlink.com/ installed, frequently update the device's unique password used to access its web-configuration, and always have Wi-Fi encryption enabled with a unique password.