COOEY // HUBcompliance · community · intelligence

FAIL › dossier

dlink vendor

· dossier confidence 20%

D-Link is a major networking vendor with a critical security track record characterized by repeated RCE vulnerabilities in consumer firmware, particularly in DIR-816A2 and DIR-823G devices. Their history of command injection flaws in HNAP1 and firmware components poses significant risk for CMMC environments.

8
failure events
0
zero-days
5
RCEs
0
on KEV
8
critical
50
worst shame

Profile

Category
vendor
What they do
D-Link is a global networking equipment manufacturer specializing in Wi-Fi routers, modems, and IoT devices for residential and enterprise markets.
Website
https://www.dlink.com

Security posture

D-Link has a documented history of critical remote code execution (RCE) vulnerabilities in consumer-grade firmware, particularly in DIR-816A2, DIR-820L, and DIR-823G devices, with multiple command injection flaws discovered between 2021 and 2024.

Notable failures
  • CVE-2024-24321: RCE in DIR-816A2 wizardstep4_ssid_2 parameter
  • CVE-2023-39637: Command injection in DIR-816A2 /goform/Diagnosis
  • CVE-2022-26258: RCE in DIR-820L via HTTP POST to get set ccp
  • CVE-2020-25367: HNAP1 command injection in DIR-823G V1.0.2B05
  • CVE-2020-25368: HNAP1 command injection in DIR-823G V1.0.2B05
  • CVE-2021-42627: Unauthenticated WAN configuration access on DIR-615
Patterns
repeated unpatched edge-device RCEs; command injection in firmware components; HNAP1 protocol vulnerabilities

Failure history 8 events

DateEventSevFlagsShameSummary
2024-02-08 CVE-2024-24321 critical ⚡RCE 50 An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
2023-09-12 CVE-2023-39637 critical ⚡RCE 50 D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
2022-03-28 CVE-2022-26258 critical ⚡RCE 50 D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
2021-11-04 CVE-2020-25367 critical ⚡RCE 50 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
2021-11-04 CVE-2020-25368 critical ⚡RCE 50 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
2022-08-23 CVE-2021-42627 critical 35 The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
2022-05-23 CVE-2022-28932 critical 35 D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
2021-11-04 CVE-2020-25366 critical 35 An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.

Sentiment · trusted sources

Dossier sources

Open questions: D-Link's current patch management process for firmware updates · D-Link's compliance status with CMMC requirements