Overview
On November 13, 2023, D-Link was informed of a security report by a third party on the (Non-US) DWR-M960 4G AC1200 LTE Router, hardware revision Ax, running firmware version v1.1.49.
A malicious user would need access to the LAN side of the device to exploit this vulnerability. The configuration file can be downloaded and decoded, which discloses default users, including admin. By updating the configuration file and uploading it to the device, the user can gain admin access to modify the configuration.
When D-Link became aware of the reported security issues, we promptly started our investigation and developed security patches.
Report information
- Reported by Aurora :: tahmidahmed0888 _at_ gmail _dot_ com
Affected Models
| Model | Hardware Revision | Region | Affected FW | Fixed FW | Recommendation | Last Updated |
|---|---|---|---|---|---|---|
| DWR-M960 | All A Series Hardware Revisions | (Non-US) | v1.1.49 & Below | v1.1.50 Beta-Hotfix | Upgrade to Hotfix Patch | 11/21/2023 |
Regarding the Security patch for your D-Link Devices
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.
Please note that this device's beta software, beta firmware, or hot-fix release is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an “as is” and “as available” basis, and the user assumes all risk and liability for use thereof. D-Link does not offer any express or implied warranties regarding the suitability or usability of the beta firmware. D-Link will not be liable for any direct, indirect, special, or consequential loss suffered by any party due to their use of the beta firmware.
As our products have different hardware revisions, please check the revision of your device before downloading the corresponding firmware update. The hardware revision is usually found on the product label on the underside of the device, next to the serial number. Alternatively, it can also be found in the device's web configuration.