In March 2018, D-Link becamea aware of a 3rd Party security researcher accused the DIR-816 consumer router for the Chinese domestic market of a command injection vulnerability.
3rd Party Report:
https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_3
We encourage owners of the product seek support from http://www.dlink.com.cn/ which will have the latest information available.
Since this time, D-Link has dilegently investigate and patched several issues that were publically disclosed in the following CVE's.
Details
Affected Products and Fixes:
This patch requires a two step upgrade. Please upgrade to “DIR-816V1.11CNB02_middle.img” first, then upgrade a second time to “DIR-816V1.11CNB02_Final.img” that is included with the patch.
| Model |
Revision |
Affected FW |
Fixed FW |
Last Updated |
| DIR-816 |
A2 |
v1.10B05 (2018/01/04) |
v1.11CNB02 |
11/05/2018 |
Regarding Security patch for your D-Link Devices
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.