D-Link posted DCS-942L Rev A firmware version v1.27
which can be downloaded here: http://support.dlink.com/ProductInfo.aspx?m=DCS-942LProblems Fixed
1. Fix the unsuitable response issue for API /cgi/admin/adv_do.cgi. (Display 404 not found)
2. Fix the CSRF vulnerability.
3. Fix the ONVIF vulnerability for not well-formed request.
4. Fix below Onward security issues:
OnSec-VUZ-103-48001, TLS/SSL Server Supports Weak Cipher
OnSec-VUZ-103-48002, OpenSSL CCS Injection.
5. Fix issue low sensitivity for motion detection.New Features
1. Support 3DES encryption in WinXP + IE8, and remove RC4 encryption.
2. Support TLS, v1.1 & v1.2.
3. Add the notification message for Chrome 45 and above.
4. Add the notification message for Win10/Edge.
5. To fix the CSRF vulnerability, there is a spec change issue. The HTTP Authentication Realm will change as “Product_Name_xx”, where xx is 2 digit suffix of MAC address.
6. Upgrade ActiveX/NCSPlugin for windows to v22.214.171.12413
7. Upgrade mydlink agent to v2.0.20-b09 to fix the notification issue.
8. Refine the CSRF fix to exclude NIPCA CGIs.
9. Modify 403 error message for CSRF protection.
10. Enable CSRF Protection by default.
11. Upgrade open source OpenSSL to v1.0.2d.
12. Change the copyright and default system time for year 2015.
13. Remove redundant message from NIPCA API /config/wlansignal.cgi.
Please post your comments and observations as a reply to this thread.