• Home Support Forums Security Advisories Shop     English | French
Security Announcement
Announcement > SAP10388
(Non-US) D-Link Network Assistant :: v 4.0.0.21 :: All Versions : End-of-Life (EoL) & End-of-Service (EoS) :: Vulnerability Reported
Publication ID: SAP10388
Resolved Status: Yes
Published on: 14 May 2024 10:29 GMT
Last updated on: 16 May 2024 3:24 GMT

 

 

Overview

 

On August 28, 2023, third-party security research from TrendMicro ZDI reported multiple vulnerabilities in the D-Link Network Assistant v 4.0.0.21 platform was affected by an Uncontrolled Search Path Element Local Privilege Escalation Vulnerability.

 

On June 30, 2022 the resources associated with these products have ceased their development and are no longer supported.  D-Link Systems, Inc. recommends retiring these products and replacing them with products that receive firmware updates.

D-Link takes network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.

 

Report Information  

 

         - Reported by TrendMicro ZDI 

 

                   - ZDI-CAN-21426D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

 

Affected Models

 

 

Model

 

 

 

Software Version

 

 

 

 Region

 

 

 

Conclusion

 

 

 

 Last Updated

 

 

Network Assistant


v 4.0.0.21 and below


(Non-US)

Retire and Remove

this applicaiton from use.
EOL/EOS: 6/30/2022

05/16/2024

 

Regarding the Security patch for your D-Link Devices

 

Firmware and software updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.

 

Just so you know, this is a device beta software, beta firmware, or hot-fix release that is still undergoing final testing before its official release. The beta software, beta firmware, or hot fix is provided on an “as is” and “as available” basis and the user assumes all risk and liability for use. D-Link does not offer any express or implied warranties regarding the suitability or usability of the beta firmware. D-Link will not be liable for any loss, whether direct, indirect, special, or consequential, suffered by any party due to their use of the beta firmware.

 

As our products have different hardware revisions, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, it can also be found on the device's web configuration.