Support Announcements
Response to Tor-Based Gafgyt Botnet Variant Attack

Overview

On March 5, 2021, a post on threatpost.com reported that D-Link devices were being targeted by a new variant of the Gafgyt botnet. Gafgyt was first discovered in 2014 and is responsible for launching large-scale distributed denial-of-service (DDoS) attacks. A new variant discovered in February 2021 routes its command-and-control (C2) traffic over the Tor anonymity network, which hides the location of the C2 infrastructure and makes the botnet's operation considerably harder to detect and take down.

The third-party report states that the new variant spreads by exploiting known D-Link vulnerabilities: the unauthenticated remote code execution (RCE) vulnerability tracked as CVE-2019-16920 (addressed in 2019) and the command injection vulnerabilities tracked as CVE-2020-25757, CVE-2020-25758 and CVE-2020-25759 (addressed in 2020). The fix or end-of-life guidance for each is given below.

3rd Party Report information

Report provided :: Net360 :: LINK

Report:

CVE-2019-16920 :: Unauthenticated Remote Code Execution (RCE) Vulnerability

D-Link 2019 Support announcement:

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10124

Summary: Affected products (listed with their hardware revision, "Rv") are DAP-1533 Rv Ax, DGL-5500 Rv Ax, DHP-1565 Rv Ax, DIR-130 Rv Ax, DIR-330 Rv Ax, DIR-615 Rv Ix, (non-US) DIR-652 Rv Bx, DIR-655 Rv Cx, DIR-825 Rv Cx, DIR-835 Rv Ax, DIR-855L Rv Ax, (non-US) DIR-862 Rv Ax, and DIR-866L Rv Ax

Fix: Retire and replace these devices immediately. These products have reached end of service life and are no longer supported, so no firmware fix will be provided for them.

CVE-2020-25757 / CVE-2020-25758 / CVE-2020-25759 :: Unauthenticated and Authenticated Command Injection Vulnerabilities

D-Link 2020 Support announcement:

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195

Summary: Affected products are the DSR family, including DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500, DSR-500N, DSR-500AC, DSR-1000, DSR-1000N, and DSR-1000AC

Fix: All models, hardware revisions, and regional derivatives have patches, with the exception of early hardware revisions that are end of service life and no longer 

Recommendation for End of Service Life Products

Any D-Link product that has reached End of Life (EoL)/End of Support (EoS) receives no extended support or development.

D-Link will be unable to resolve device or firmware issues for these products, since all development and customer support for them has ceased.

From time to time, D-Link decides that certain of its products have reached EoL. D-Link may choose to EoL a product for many reasons, including shifts in market demand, technology innovation, costs, or efficiencies based on new technologies. Typically the product has matured over time and has been replaced by functionally superior technology.

For US consumers: D-Link recommends that EoL/EoS D-Link brand products sold by D-Link in the US be retired, since any further use may put the device itself, the devices connected to it, and its end users at risk. If you continue to use these products against D-Link's recommendation, make sure the device has the most recent firmware installed, change the unique password for its web configuration interface regularly, and always keep Wi-Fi encryption enabled with a unique password. Disabling remote (WAN-side) management of the device also reduces its exposure to the unauthenticated vulnerabilities described above.

Regarding the Security patch for your D-Link Devices

Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this announcement as new firmware becomes available, and we strongly recommend that all users install the relevant updates.

Please note that a beta software, beta firmware, or hot-fix release is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an "as is" and "as available" basis, and the user assumes all risk and liability for use thereof. D-Link does not offer any warranties, whether express or implied, as to the beta firmware's suitability or usability. D-Link will not be liable for any loss, whether such loss is direct, indirect, special, or consequential, suffered by any party due to their use of the beta firmware.

As our products exist in different hardware revisions, check the hardware revision of your device before downloading the corresponding firmware update. The hardware revision is usually printed on the product label on the underside of the device, next to the serial number; it can also be found in the device's web configuration interface.