Security Advisories
Security Advisories
Global Security Advisories, Responses, and Notices
View By: Vulnerability | Model Number
Title Resolved Published Last Updated Related Products
D-Link Routers :: WPS-PIN factory default vulnerable
Publication ID: SAP10047
Partial 1 November 2014
12:41 GMT
4 November 2014
2:17 GMT
DAP-1350
DAP-1555
DGL-4500
DHP-1320
DIR-451
DIR-601
DIR-615
DIR-628
DIR-632
DIR-636L
DIR-651
DIR-655
DIR-657
DIR-808L
DIR-810L
DIR-825
DIR-826L
DIR-827
DIR-835
DIR-836L
DIR-855
DIR-857
DGS-1210-xx Rev. C1 / DGS-1500-xx Rev. Ax - OpenSSL CCS Injection Vulnerability
Publication ID: SAP10046
Yes 31 October 2014
8:11 GMT
31 October 2014
8:11 GMT
DGS-1210-20
DGS-1210-28
DGS-1210-28P
DGS-1210-52
DGS-1500-28
DGS-1500-28P
DGS-1500-52
DSR-500 / DSR-500N / DSR-1000 / DSR-1000N - OpenSSL CCS Injection Vulnerability
Publication ID: SAP10045
Yes 9 October 2014
1:31 GMT
9 October 2014
1:31 GMT
DSR-1000
DSR-1000N
DSR-500
DSR-500N
"Shell Shock" - GNU Bash shell vulnerabile to command injection vulnerability that may allow remote code execution.
Publication ID: SAP10044
Open 25 September 2014
9:24 GMT
6 October 2014
11:05 GMT
DIR-626L / DIR-636L / DIR-826L / DIR-836L - Authentication Bypass - USB Storage Directory Traversal - UPnP Buffer Overflow - Cross-Site Request Forgery (CSRF) Unauthenticated Bypass - Information Disclosure - / / v. 1.02 /
Publication ID: SAP10043
Yes 21 August 2014
9:04 GMT
11 September 2014
12:04 GMT
DIR-626L
DIR-636L
DIR-826L
DIR-836L
UPnP Software Stack Vulnerabilities (Rapid7) - Command Injection Via UDP - Affected/Corrected Devices
Publication ID: SAP10036
Yes 3 July 2014
1:10 GMT
21 August 2014
10:47 GMT
DWL-3200AP Rev. Ax / Bx - Unauthorized Command Bypass / Information Disclosure - FW: 2.40 / 2.55RC515
Publication ID: SAP10041
Partial 6 August 2014
11:47 GMT
14 August 2014
11:37 GMT
DWL-3200AP
DAP-2553 - Multiple Security Vulnerabilities: Authentication Bypass, XSS, CSRF, Remote Command Injection - Firmware 1.27 and lower
Publication ID: SAP10006
Yes 26 November 2013
10:56 GMT
11 August 2014
10:26 GMT
DAP-2553
DSP-W215 - Rev. A1 - Stack Overflow - Command Bypass - Information Disclosure- (FW 1.02 and Older)
Publication ID: SAP10027
Yes 15 May 2014
10:04 GMT
11 August 2014
10:22 GMT
DIR-280 - Rev. A1 - Change User Credentails without Authentication
Publication ID: SAP10021
Yes 17 March 2014
11:18 GMT
11 August 2014
10:20 GMT
DIR-280
DIR-652 / DIR-835 / DIR-855L / DGL-5500 / DHP-1565 - Storage of Passwords in clear text, Cross-Site Scripting (XSS), Information Disclosure - (FW 1.02b18/1.12b02 or older)
Publication ID: SAP10025
Partial 8 May 2014
9:10 GMT
11 August 2014
10:13 GMT
DGL-5500
DHP-1565
DIR-652
DIR-835
DIR-855L
DNS-315 / DNS-320 / DNS-320L / DNS-320LW / DNS-325 / DNS-327L / DNS-345 - Vulnerability allows unauthorized access to reboot/shutdown/reset - F/W (Varies/Model Table Attached)
Publication ID: SAP10040
Yes 16 July 2014
9:40 GMT
11 August 2014
10:10 GMT
DNS-315L
DNS-320
DNS-320L
DNS-320LW
DNS-325
DNS-327L
DNS-345
DIR-605L - Rev. A1 - Information Dislosure - Plain Text Password Display - Unauthorized Command By-pass - (FW 1.14 and Older)
Publication ID: SAP10028
Open 22 May 2014
6:44 GMT
11 August 2014
9:42 GMT
DIR-605L
DNS-315L Rev. Ax / DNS-320L Rev. Ax / DNS-327L Rev Ax / DNS-340L Rev A1 / DNS-345 -Rev Ax - Command Injection allows Unauthenticated Command Bypass
Publication ID: SAP10042
Partial 9 August 2014
12:20 GMT
11 August 2014
8:40 GMT
DNS-315L
DNS-320L
DNS-327L
DNS-340L
DNS-345
OSPF Feature Vulnerability - Recommendations for D-Link Products supporting OSPF
Publication ID: SAP10037
Yes 3 July 2014
5:21 GMT
17 July 2014
6:46 GMT
OpenSSL Security Vulnerability - aka. "Heartbleed Bug" - CVE-2014-0160 - Security Incident Response for D-Link Devices and Services
Publication ID: SAP10022
Yes 11 April 2014
1:39 GMT
17 July 2014
5:24 GMT
DIR-505 / DIR-505L / DAP-1320 - All Revisions - Stack Overflow - Command Bypass - Information Disclosure - (FW: 1.07 and older / 1.01 and older)
Publication ID: SAP10029
Partial 23 May 2014
5:19 GMT
17 July 2014
4:54 GMT
DAP-1320
DIR-505
DIR-505L
DAP-1320 - Path Traversal, Cross-Site Scripting (XSS) Vulnerabilities
Publication ID: SAP10024
Yes 8 May 2014
6:34 GMT
17 July 2014
4:34 GMT
DAP-1320
DNS-320 - H/W Ax - Command Injection resutls in Root Shell - F/W 2.03 and older
Publication ID: SAP10039
Yes 16 July 2014
8:48 GMT
16 July 2014
10:36 GMT
DNS-320
DNR-322L/DNR-326 Rev. Ax - Multiple Vulnerabilities - F/W 1.x and Older
Publication ID: SAP10038
Yes 16 July 2014
7:03 GMT
16 July 2014
7:03 GMT
DNR-322L
DNR-326