Support Announcement
D-Link Devices :: Affected by Realtek Chipset RTL8xxx Realtek SDK vulnerabilities

Overview

 

On August 16, 2021, D-Link became aware of the public disclosure from IoT Inspector of multiple security vulnerabilities in the Realtek Chipset RTL8xxx software development kit (SDK).

 

 

Realtek chipsets are found in many embedded devices in the IoT space. RTL8xxx SoCs – which provide wireless capabilities – are very common. We therefore decided to spend time identifying binaries running on the RTL819xD on our target device, which expose services over the network and are provided by Realtek themselves. Such binaries are packaged as part of the Realtek SDK, which is developed by Realtek and provided to vendors and manufacturers who use the RTL8xxx SoCs.

 

D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.

 

 

D-Link is investigating these reported security issues and whether any D-Link brand WiFi products are affected by these vulnerabilities. The latest information regarding this security vulnerability is below. D-Link recommends checking back regularly and keeping your device(s) up to date.

 

 

Report

 

- Realtek Vulnerability Report: Link to Post
- IoT Inspector: Link to Post
- HelpNetSecurity
- Tech Radar
- Duo.com

 

Details

Affected Versions

- rtl819x-SDK-v3.2.x Series
- rtl819x-SDK-v3.4.x Series
- rtl819x-SDK-v3.4T Series
- rtl819x-SDK-v3.4T-CT Series
- rtl819x-eCos-v1.5.x Series

CVE ID

- CVE-2021-35392 (‘WiFi Simple Config’ stack buffer overflow via UPnP)
- CVE-2021-35393 (‘WiFi Simple Config’ heap buffer overflow via SSDP)
- CVE-2021-35394 (MP Daemon diagnostic tool command injection)
- CVE-2021-35395 (management web interface multiple vulnerabilities)

 

Affected Models

 

| Model | Hardware Revision | Region | Fixed FW | Recommendation | Last Updated |
|---|---|---|---|---|---|
| DIR-612 | Z1 | Non-US | Not Affected | Not Affected | 09/24/21 |
| DIR-825 | J1 | Non-US | Not Affected v1.01 | Not Affected | 09/24/21 |
| DIR-612 | X1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-615 | T2 | Non-US | v20210930 | CVE-2021-35394/95: No impact; CVE-2021-35392/93: Download & Update device | 10/17/21 |
| DIR-615 | X1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-615+ | A1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-822 | E1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-825 | I1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-615 | Z1 | Non-US | v1.0.2_WW_Hotfix | Download & Update device | 09/24/21 |
| DIR-842 | F1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-842V2 | A1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| COVR-1100 | A1 | Non-US | Under Investigation | Pending | 09/17/21 |
| DIR-825 | R5 | Non-US | Not Affected | Not Affected | 09/24/21 |
| DIR-842 | R5 | Non-US | Not Affected | Not Affected | 09/24/21 |
| DIR-842 | S2 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-815 | R1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-822 | R1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-841 | A1 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-842 | R1 | Non-US | EOL | EOL/EOS | 09/17/21 |
| DIR-825 | R1 | Non-US | EOL | EOL/EOS | 09/17/21 |
| DIR-815 | R4 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-822 | R4 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-842 | R4 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DIR-825 | R4 | Non-US | Q4 2021 | Pending Release | 09/17/21 |
| DSL-124 | R1 | Non-US | v1.00_ME_Hotfix2 | Download and Update Device | 10/17/21 |
| DSL-224 | R1 | Non-US (ME Region) | vME_1.10 | Download and Update Device | 10/17/21 |
| DSL-224 | S1 | Non-US (EMC Region) | vEMC_1.01 | Download and Update Device | 10/17/21 |
| DIR-815 | D1 | Non-US | v4.11WWB01 | Download and Update Device | 09/24/21 |
| DIR-825 | G1 | Non-US | v7.12B01 | Download and Update Device | 09/24/21 |
| DIR-825+ | A1 | Non-US | v1.04WWb02 | Download & Update device | 09/24/21 |
| DAP-1610 | B1 | Non-US | v202B02_Hotfix | Download & Update device | 10/17/21 |
| DAP-1530 | B1 | Non-US | v2.02B02_Hotfix | Download & Update device | 10/17/21 |
| DSL-2740U | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DSL-2750U | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DSL-2640U | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DSL-G2452GR | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DSL-245GR | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DVG-5402G | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DSL-224/R1A | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DSL-224/019/R1A | R1 | Non-US | Q4 2021 | Pending Release | 09/24/21 |
| DHP-W610AV | B1 | Non-US | v2.02B13_Beta01 | Download & Update device | 10/17/21 |

 

 

Regarding Security patch for your D-Link Devices
 
 
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this announcement continually, and we strongly recommend that all users install the relevant updates.
 
Please note that this is beta software, beta firmware, or a hot-fix release that is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an “as is” and “as available” basis and the user assumes all risk and liability for use thereof. D-Link does not provide any warranties, whether express or implied, as to the suitability or usability of the beta firmware. D-Link will not be liable for any loss, whether such loss is direct, indirect, special or consequential, suffered by any party as a result of their use of the beta firmware.
 

 

If a product has reached End of Support ("EOS") / End of Life ("EOL"), there is normally no further extended support or development for it. Typically for these products, D-Link will be unable to resolve device or firmware issues since all development and customer support have ceased. D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it. If US consumers continue to use these devices against D-Link's recommendation, please make sure the device has the most recent firmware, make sure you frequently update the device's unique password to access its web-configuration, and always have WiFi encryption enabled with a unique password.

 
As there are different hardware revisions of our products, please check the hardware revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device's web configuration.