Support Announcements
DIR-601 H/W Rev. Bx :: CVE-2018-5708 :: LAN-Side Unauthenticated Information Disclosure and Poor Credential Management

Overview

 

D-Link was contacted on December 27, 2017 by a 3rd party regarding a possible security vulnerability with the DIR-601 Hardware Rev. Bx.  (To identify your hardware revision, please inspect the device’s label on the bottom of the device.)

 

All DIR-601 consumer IP routers, including Hardware Rev. Bx, are past their service life and are no longer supported by D-Link. There will not be further software updates for these products.

 

3rd Party Information

 

Kevin Randall  :: krandall2013 _at_ gmail _dot_ com


CVE-2018-5708 :: Link to Post

Exploit DB :: Link to Post
 

Description of Security Issue:

 

At the time of its release, the DIR-601 Hardware Rev. Bx used an industry-standard 3rd party setup program and shared its configuration profile with that 3rd party software for ease of use and installation. Configuration sharing in today's home network is now considered a possible attack point for malicious users attempting to exploit the router's configuration. This is not an attack from the remote Internet (WAN) connection; the malicious user would have to gain access to the LAN side of the device. It is still considered a risk.

 

If you continue to use the DIR-601 H/W Rev. B, you do so at your own risk. We strongly recommend the following:

     1. Upgrade to a current-generation consumer IP router.

     2. Update to the latest device firmware, including security patch releases.

     3. Any computer accessing the Internet on these devices should have appropriate anti-virus and malware protection enabled.

     4. Keep regular backups of all devices in your home in case disaster recovery is needed.

 

 Affected Product Models and Patches:

 

| Model | Hardware Revision | Affected FW | Fixed FW | Last Updated |
|---|---|---|---|---|
| DIR-601 | All B Revisions | 2.02.BETA01B01 and older (lower) | Not Available | 03/25/2019 |

   

Regarding Security Patches for Your D-Link Devices

 

Firmware updates address the security vulnerabilities of affected D-Link devices. D-Link will update this announcement when applicable, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can be found in the device's web configuration.