Overview
The DAP-2555, DAP-2565, DAP-3520, and DAP-3525 are legacy wireless access point devices listed below. All models and all hardware revisions have reached End of Life (EOL) and End of Service Life (EOS).
D-Link US and Canada recommend retiring and replacing devices that have reached EOL or EOS. These products no longer receive technical support, firmware updates, or security remediation.
As a general policy, once a product reaches EOS or EOL, all firmware development stops. Review the information and recommendations below before continuing to use these devices.
Third-Party Report Information
Report 1: CVE-2021-28838
Reference: Public vulnerability databases such as NVD
Title: Command Injection vulnerability affecting D-Link legacy DAP access points
CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command
CVSS Scores
Public databases list this vulnerability with high severity due to network-based attack vectors and insufficient input validation. This CVE does not appear in archived D-Link US or Canada security advisories.
Note:
This CVE appears in public vulnerability databases. It does not appear in archived D-Link security bulletins. The affected devices have reached EOL and EOS. Product resources have been discontinued and no longer receive support. D-Link Systems, Inc. recommends retiring these products and replacing them with supported models.
Description
CVE-2021-28838 describes a command-injection vulnerability in multiple legacy D-Link DAP access point models. Improper input handling allows an authenticated attacker to execute arbitrary system commands through crafted requests. No remediation is available due to the product lifecycle status.
Awareness Reported by
Hui Jun Tay :: hui _dot_ jun _dot_ tay _at_ gmail _dot_ com
SEFCOM Laboratories: Link
Affected Products and Firmware Status
DAP-2555
- Hardware Revision: RevA
- Affected Versions: v1.20 and earlier
- End of Support and End of Life: 12/31/2019
- Last Available Firmware: v1.20
- Status: EOL and EOS
DAP-2565
- Hardware Revision: RevA
- Affected Versions: v1.11 and earlier
- End of Support: 05/01/2019
- End of Life: 06/30/2020
- Last Available Firmware: v1.11
- Status: EOL and EOS
DAP-3520
- Hardware Revision: RevA
- Affected Versions: v1.17.RC047 HOTFIX and earlier
- End of Support and End of Life: Reached prior to 2019
- Last Known Firmware: Non-US release dated 12/16/2013
- Status: EOL and EOS
DAP-3525
- Hardware Revision: RevA
- Affected Versions: v1.11 and earlier
- End of Support and End of Life: 03/01/2020
- Last Known Firmware: v1.11Beta03
- Status: EOL and EOS
Reports affecting older or legacy firmware are not accepted. EOL and EOS status means support and service have ended, and no security updates will be released.
Affected Models Summary
|
Model
|
Region
|
Hardware Revision
|
End of Support
|
Legacy Website
|
Last Updated
|
|
DAP-2555
|
All Regions
|
RevA
|
12/31/2019
|
Yes
|
01/19/2026
|
|
DAP-2565
|
All Regions
|
RevA
|
05/01/2019
|
Yes
|
01/19/2026
|
|
DAP-3520
|
All Regions
|
RevA
|
Prior to 2019
|
Yes
|
01/19/2026
|
|
DAP-3525
|
All Regions
|
RevA
|
03/01/2020
|
Yes
|
01/19/2026
|
Recommendations for End of Support and End of Life Products
D-Link periodically designates products as EOS or EOL due to technology changes, market demand, or lifecycle maturity. Products in this status should be replaced with newer models offering improved functionality and active support.
Guidance for US and Canada Consumers
- Products that have reached EOS or EOL no longer receive technical support, firmware updates, or security remediation.
- Continued use of EOL and EOS products increases security risk to connected networks and devices.
- D-Link strongly advises discontinuing use of these products.
Security Reports for EOL and EOS Devices
- D-Link does not accept or validate vulnerability reports for EOL or EOS products.
- No firmware updates or hotfixes will be released.
- The last available firmware appears on the legacy site for reference only:
https://legacy.us.dlink.com/
- Continued use of EOL or EOS devices occurs at the user’s own risk.