Support Announcements
(non-US Models/Revisions) DIR-600M DIR-612 DIR-615 DSL-2750U Windows WPAD 'domain.name' attack

Overview


On November 23, 2017, D-Link Corporation received a customer report that a D-Link DIR-615 router could not connect to the internet because the router's default DHCP Domain name value, "domain.name", had been used to change the user's IE browser proxy setting.

 

D-Link was recently made aware of an issue involving leaked WPAD (Web Proxy Auto-Discovery) queries that could result in domain name collisions with our routers’ DHCP default setting domain name. Attackers may register the leaked domain and exploit the leaked queries by configuring users’ IE browser proxies. The following router models could be potentially at risk: DIR-600M/C1, DIR-612/B1, DIR-615/T1 & T3, and DSL-2750U/I1.

 

After our investigation, we found that this is a known attack that uses Windows WPAD (Web Proxy Auto-Discovery Protocol) to change the default proxy setting of the user's IE browser, causing it to download a wpad.dat file from a registered "wpad.domain.name" URL. This file is applied automatically to IE's proxy setting and redirects all web connections to a malicious proxy at "185.93.3.123:8080".

Users can solve this problem by disabling the auto-detect proxy setting in the IE or Edge browser, and by going to the router DHCP setting page and setting the Domain name value to blank. D-Link has provided updated firmware to fix this default value.

 

Please take the following important actions to help protect your privacy:

  1. Disable the IE or Edge browser auto detect proxy setting.
  2. Go to the router DHCP setting page and set the domain name value as blank.
  3. Check our website regularly for the newest firmware updates.
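The check below is an added example, not D-Link code. It flags a DHCP domain name that produces a WPAD host name outside the domains you control, and lists any public proxy address that a retrieved wpad.dat body would apply. The function names, the owned-domain list and the sample PAC body are assumptions constructed for illustration; the "wpad." + domain rule is a simplified model of the lookup described above.

```python
import ipaddress
import re

# Matches PAC return directives such as "PROXY host:port" or "SOCKS5 host:port".
DIRECTIVE = re.compile(r'\b(PROXY|SOCKS[45]?)\s+([A-Za-z0-9.\-]+):(\d{1,5})')

def wpad_name(dhcp_domain):
    """WPAD host name derived from the DHCP domain name, or None if it is blank."""
    domain = dhcp_domain.strip().strip(".").lower()
    return f"wpad.{domain}" if domain else None

def pac_proxies(pac_text):
    """Return (scheme, host, port) for every proxy directive in a PAC file body."""
    return [(s, h, int(p)) for s, h, p in DIRECTIVE.findall(pac_text)]

def is_external(host):
    """True for a public IP literal; host names are treated as external (unverified)."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True

def audit(dhcp_domain, owned_domains, pac_text):
    """Return findings for a router DHCP domain name and a wpad.dat body."""
    findings = []
    name = wpad_name(dhcp_domain)
    if name and not any(name.endswith("." + d.lower()) for d in owned_domains):
        findings.append(f"DHCP domain yields {name}, outside owned domains")
    for scheme, host, port in pac_proxies(pac_text):
        if is_external(host):
            findings.append(f"PAC sends traffic to external {scheme} {host}:{port}")
    return findings

# Constructed PAC body using the proxy address quoted in this announcement.
SAMPLE_PAC = '''function FindProxyForURL(url, host) {
    return "PROXY 185.93.3.123:8080; DIRECT";
}'''

if __name__ == "__main__":
    # "corp.example" is a placeholder for a domain the network owner controls.
    for finding in audit("domain.name", ["corp.example"], SAMPLE_PAC):
        print(finding)
```

With the Domain name value set to blank, as in step 2, no WPAD host name is derived and the first finding disappears.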

 

These products are non-US models. As of 01/05/2022 all these models have reached End-of-Life/End-of-Service-Life. The resources associated with these products have ceased their development and are no longer supported. D-Link recommends retiring these products and replacing them with products that receive firmware updates. See below for further details on EOL/EOS products.

 

Below you will find the legacy patches for the models that close the reported vulnerabilities.

 

3rd Party Report information

    Reports provided:

      - Discovered from Internet posts

    Reference:

      - https://www.us-cert.gov/ncas/alerts/TA16-144A
      - https://social.technet.microsoft.com/Forums/en-US/e49a45f0-6875-4285-a1d4-5d7de0c63c53/wpad-entry-cannot-browse-websites-using-edge-and-chrome?forum=win10itpronetworking

    Details:

      1. Please inspect the above links for posted information on the internet

 

 

Affected Models

 

 

| Model | Hardware Revision | Region | Affected FW | Patch FW | Recommendation | Last Updated |
|---|---|---|---|---|---|---|
| DIR-600M | All Cx Hardware Revisions | Worldwide | All Before Patch | v306TCb01 | Download Hotfix and manually update router | 01/05/2022 |
| DIR-612 | All Bx Hardware Revisions | Worldwide | All Before Patch | v2.14TCb01 | Download Hotfix and manually update router | 01/05/2022 |
| DIR-615 | All T1 Hardware Revisions | Worldwide | All Before Patch | v2.018ENb01 | Download Hotfix and manually update router | 01/05/2022 |
| DIR-615 | All T1 Hardware Revisions | Brazil/LATA | All Before Patch | v2.018LAb01 | Download Hotfix and manually update router | 01/05/2022 |
| DIR-615 | All T3 Hardware Revisions | Worldwide | All Before Patch | v20.22b02 | Download Hotfix and manually update router | 01/05/2022 |
| DSL-2750U | all India R Hardware Revisions | Worldwide | All Before Patch | vIN_R_01.00.10 | Download Hotfix and manually update router | 01/05/2022 |

  

Regarding Security patch for your D-Link Devices
 
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend that all users install the relevant updates.
 
Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an “as is” and “as available” basis and the user assumes all risk and liability for use thereof. D-Link does not provide any warranties, whether express or implied, as to the suitability or usability of the beta firmware. D-Link will not be liable for any loss, whether such loss is direct, indirect, special or consequential, suffered by any party as a result of their use of the beta firmware.

 

Recommendation for End of Support /End of Life Products

  
From time to time, D-Link will decide that some of its products have reached End of Support ("EOS") / End of Life ("EOL"). D-Link may choose to EOS/EOL a product due to evolution of technology, market demands, new innovations, product efficiencies based on new technologies, or because the product matures over time and should be replaced by functionally superior technology.

 

For US Consumer

If a product has reached End of Support ("EOS") / End of Life ("EOL"), there is normally no further extended support or development for it.

 

Typically for these products, D-Link will be unable to resolve device or firmware issues since all development and customer support has ceased. 

 

D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it. If US consumers continue to use these devices against D-Link's recommendation, please make sure the device has the most recent firmware, make sure you frequently update the device's unique password to access its web-configuration, and always have WIFI encryption enabled with a unique password.

 
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.