Overview
The DAP-2310, in all hardware revisions, has reached its End-of-Life ("EOL") / End-of-Service-Life ("EOS") life cycle. D-Link US recommends retiring and replacing D-Link devices that have reached EOL/EOS. Please get in touch with your regional office for recommendations (LINK).
As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products ceases. Please read the information and recommendations below.
3rd Party Report information
Report 1:
Hahna Latonick _at_ darkwolfsolutions _dot_ com
Dark Wolf Solutions, LLC: www.darkwolfsolutions.com
Vulnerability: DAP-2310 Hardware Revision A, Firmware v 1.16RC028, has been accused of having an unauthenticated RCE vulnerability. Below are more details about the vulnerability, and attached is the proof-of-concept, which Dark Wolf Solutions has named BouncyPufferfish.
Description: BouncyPufferfish exploits a stack-based buffer overflow in the ATP binary that handles PHP HTTP requests for the Apache HTTP Server (httpd), which runs on the D-Link DAP-2310 Wireless Access Point device. BouncyPufferfish achieves remote code execution by running a crafted curl command that sends an HTTP GET request to the device, triggers the buffer overflow, exercises an ROP chain, and ultimately calls system() to execute arbitrary shell commands.
Affected Models
| Model | Region | Hardware Revision | End of Support | Legacy Website | Last Updated |
|---|---|---|---|---|---|
| DAP-2310 | Worldwide | All Series H/W Revisions | 11/30/2021 | Yes (Link) | 07/09/2024 |
Recommendation for End of Support / End of Life Products
From time to time, D-Link will decide that some of its products have reached the End of Support ("EOS") / End of Life ("EOL"). D-Link may choose to EOS/EOL a product due to technological evolution, market demands, new innovations, product efficiencies based on new technologies, or because the product has matured over time and should be replaced by functionally superior technology.
For US Consumer
If a product has reached the End of Support ("EOS") / End of Life ("EOL"), it usually does not receive further extended support or development.
Typically, D-Link cannot resolve device or firmware issues for these products since all development and customer support have ceased.
D-Link strongly recommends that this product be retired and cautions that further use may be risky to connected devices. If US consumers continue to use these devices against D-Link's recommendation, please ensure that the device has the most recent firmware, that the unique password used to access its web configuration is updated frequently, and that Wi-Fi encryption is always enabled with a unique password.