• January 17, 2018, 07:54:46 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released  (Read 496 times)

GreenBay42

  • Administrator
  • Level 5 Member
  • *
  • Posts: 582
DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« on: December 13, 2017, 07:18:13 AM »

A security patch has been released for revision B only.

Firmware --> ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DCS-930L/REVB/DCS-930L_REVB_FIRMWARE_PATCH_v2.15B06.zip

Release Notes:

Reported:
Reported on 09/06/2017 by Robin Stenvi (robin dot stenvi at protomail dot com)

The following affects firmware versions 2.14.04 and below.

Problems Fixed:
1. Cross-Site Request Forgery (CSRF) which may lead to configuration information exposure.
2. Denial of Service (DoS) in the cameras CGI web framework that may lead to the camera becoming unresponsive.
3. Adobe Flash Player configuration resulting in an unintentional Cross-Origin Resource Sharing misconfiguration that my lead to further malicious attacks on the camera.
Logged

jasred

  • Level 1 Member
  • *
  • Posts: 10
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #1 on: January 15, 2018, 10:58:22 AM »

I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on windows...
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44239
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #2 on: January 15, 2018, 12:09:41 PM »

CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.

Try using FF ESR for connecting to the cameras. Newer versions of FF standard have stopped supporting plug-ins so may not work correctly:
http://forums.dlink.com/index.php?topic=66483.0

I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on windows...
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

jasred

  • Level 1 Member
  • *
  • Posts: 10
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #3 on: January 15, 2018, 12:49:37 PM »

CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.


The problem with that theory is they didn't seem to close the door for all three cams that I upgraded so I can't take that to the bank.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44239
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #4 on: January 15, 2018, 12:52:29 PM »

So you have a camera that still authenticates via CURL then?
What was the process you followed for updating FW? Was any resets performed?
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

jasred

  • Level 1 Member
  • *
  • Posts: 10
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #5 on: January 15, 2018, 12:57:05 PM »

So you have a camera that still authenticates via CURL then?
What was the process you followed for updating FW? Was any resets performed?

Correct, one camera works with curl.

Your second question may point to something. I used FF to do the upgrades and
maybe that caused an issue. I will try one of the cams that fails with curl and use
IE for the upgrade (wired connection of course). I'll let you know.

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44239
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #6 on: January 15, 2018, 01:03:50 PM »

 ;)

What version of FF did you use?
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

jasred

  • Level 1 Member
  • *
  • Posts: 10
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #7 on: January 15, 2018, 01:17:54 PM »

;)

What version of FF did you use?

Win 10  and FF 57.0.4 64 bit

Using IE did not work. The same problem.

I also noticed that 2.14.04 seemed to upgrade nicely with a message at the end
that states "Firmware upgrade completed". The new firmware just displays a "reply"
web page.

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44239
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #8 on: January 15, 2018, 01:41:29 PM »

Reply?

Can you post a picture if what you see with the v2.15 FW update message?
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

jasred

  • Level 1 Member
  • *
  • Posts: 10
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #9 on: January 15, 2018, 01:48:20 PM »

Reply?

Can you post a picture if what you see with the v2.15 FW update message?

Sorry, I may have been too glib. It's not a reply web page per se, it tries to display
a page, but gives you a error page instead. The page shows "The website declined to show this webpage".
The page that it was trying to display is "replyk.htm".
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44239
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #10 on: January 15, 2018, 01:49:26 PM »

Hmm, this in FF and IE?

Did you clear out the browser cache before and after sending the FW file?
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

jasred

  • Level 1 Member
  • *
  • Posts: 10
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #11 on: January 15, 2018, 01:58:15 PM »

Hmm, this in FF and IE?

Did you clear out the browser cache before and after sending the FW file?

Yes, both FF and IE display that last page problem.

No, to the cache clearing question. I have never had to do that before and I've been
doing stuff like this for years.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44239
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #12 on: January 15, 2018, 02:02:09 PM »

Can you try a factory reset, on one camera the do the cache clear on either browser and see if same thing still happens.

Are these cameras wired or wireless connected when FW updates happen?

I'll pass this on to D-Link for review. Not sure what is happening.
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

jasred

  • Level 1 Member
  • *
  • Posts: 10
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #13 on: January 15, 2018, 02:08:48 PM »

Can you try a factory reset, on one camera the do the cache clear on either browser and see if same thing still happens.

Are these cameras wired or wireless connected when FW updates happen?

I'll pass this on to D-Link for review. Not sure what is happening.

I actually had done a factory reset on one of them that fails.

I will try the cache clearing test tomorrow and let you know.

I always use wired connections when applying firmware.

Thanks for passing this on...
Logged

GreenBay42

  • Administrator
  • Level 5 Member
  • *
  • Posts: 582
Re: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« Reply #14 on: January 15, 2018, 02:17:17 PM »

After the firmware upgrade can you get into the camera's UI without issue?  If not can you ping the camera?
Logged
Pages: [1] 2