The Graveyard - Products No Longer Supported > DIR-655

New - DIR-655 Rev B Only v2.12NA Build 01 Security Release

(1/1)

FurryNutz:
Firmware: v2.12NA Build 01 Beta   06/20/2017
Release Notes:
Overview:
The DIR-655 contains four (4) vulnerabilities accessible from the LAN-side of the device
presenting potential security risks. First vulnerability allows a malicious user to bypass
authentication to gain administrative level access to the router’s web management
console. The vulnerability is only exposed when an authenticated user session is
logged-in on the device and that authenticated user's address is used, shortening the
window of opportunity for the attacker.

A second vulnerability was discovered that script injection can be performed on some input fields resulting in Cross-Site Scripting (XSS)
vulnerabilities to the device configuration interface.
 
Next, a third vulnerability, discloses log-in credentials and WiFi Encryption key of an authorized user by sending clear
text data between the device's web configuration interface and the authorized user's browser.
 
Last, a fourth vulnerability found a cgi command, regardless of authentication, will provide device configuration information.

References:
Keven Jiang :: Contact  :: November 1, 2014
Description:
A request can be made to security@dlink.com for further information.

Get it here: DIR-655 Rev B

Follow this for updating:
FW Update Process

NOTE: if your router is working with out any issues, it's recommended to keep the current version of FW that is loaded.IF IT WORKS, DON'T FIX IT!!!  ::)

FurryNutz:
FYI:
"This product has been discontinued.
Free support for this product will end on 06/01/2018"

Navigation

[0] Message Index