A total of 53 vulnerabilities were identified in the latest firmware. Several of these vulnerabilities can be abused by attackers to execute code and get full control of a device.
The assessment was conducted on the following devices,
- DNS-320, Revision A: 2.03, 13/05/2013
- DNS-320L, 1.03b04, 11/11/2013
- DNS-327L, 1.02, 02/07/2014
- DNR-326, 1.40b03, 7/19/2013
The vulnerabilities discovered can also affect the following devices,
- DNS-320B, 1,02b01, 23/04/2014
- DNS-345, 1.03b06, 30/07/2014
- DNS-325, 1.05b03, 30/12/2013
- DNS-322L, 2.00b07
These issues were reported to D-Link, many of which were patched and there are still some which remain unfixed.
It is recommended that users apply patches where available and are recommended not to expose the web interface of the DNS and DNR devices to the internet.
Full specific details can be downloaded [Click Here!]