The Graveyard - Products No Longer Supported > DIR-895L

Firmware 1.20B02 Released - SECURITY PATCH


GreenBay42:
The ZIP file will include 2 firmware files, release notes, and instructions.

Install v1.15B02 first, reboot, then install 1.20B02, reboot. It is recommended to perform a hard reset (paper clip in reset hole for 10 seconds) after updating.

DO NOT SKIP v1.15B02. Updating to 1.20B02 directly will not fix all issues.


Firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DIR-895L/REVA/DIR-895L_REVA_FIRMWARE_PATCH_v1.20B02.zip


Release Notes:


* Add Firmware Protection to BIN file and System
* WAN && LAN - XSS exploit  (CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416)
* WAN - Weak Cloud protocol  (CVE-2017-14419, CVE-2017-14420)
* WAN && LAN - Stunnel private keys  (CVE-2017-14422)
* WAN && LAN - Nonce brute forcing for DNS configuration  (CVE-2017-14423)
* Local - Weak files permission and credentials stored in clear text  (CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428)
* LAN – DoS attack against some daemons  (CVE-2017-14430)
* Security fixes to PHP CGI files to mitigate exposing credentials
* Correct stack overflow vulnerability caused by HNAP

heartsofwar:
Can someone post what 1.15 firmware fixes?

Again, D-Link baffles me... We have been stuck on 1.12 / 1.13 for months and then all of a sudden we are told there is a 1.20, but you can't update to it directly, you must update to 1.15; however, you can't download 1.15 directly... only 1.20!

D-link... please... get your crap straight... as it stands, I won't buy another d-link so long as I live. If it weren't for the fact I spent $400 on this damn router and that it'll cost me another $400 to replace, I would have jumped ship by now.

FurryNutz:
v1.15 is a transitional version of FW that needs to be applied before going to v1.20 is all. All other versions of FW after v1.13 and between v1.15 and v1.19 are not valid and are not official releases for the general public.

If you're not happy with it then you could find someone to sell it to. Good luck.



--- Quote from: heartsofwar on October 11, 2017, 02:03:00 PM ---Can someone post what 1.15 firmware fixes?

Again, D-Link baffles me... We have been stuck on 1.12 / 1.13 for months and then all of a sudden we are told there is a 1.20, but you can't update to it directly, you must update to 1.15; however, you can't download 1.15 directly... only 1.20!

D-link... please... get your **** straight... as it stands, I won't buy another d-link so long as I live. If it weren't for the fact I spent $400 on this damn router and that it'll cost me another $400 to replace, I would have jumped ship by now.

--- End quote ---

GreenBay42:
Firmware 1.15 fixes are combined with the 1.20 fixes in the release notes. They are packaged together and both need to be upgraded to fix the security exploits. Once you install 1.15 the 1.20 firmware is available through the GUI but I would just install the 1.20 as stated in the instructions in the ZIP file.

Tario70:
I can't get 1.20B02 to even install.

1.15 installed without issue from the router update page (downloaded the file from the D-Link Support page). When I select the 1.20B02 bin file from the router upgrade page I get pushed to the "http://ipaddress/fwupload.cgi" page & then I get a bunch of HTML.

Here's the HTML I get:

--- Quote ---27f

<html>
   <head>
      <meta http-equiv="Pragma" content="no-cache"> <!--for HTTP 1.1-->
      <meta http-equiv="Cache-Control" content="no-cache"> <!--for HTTP 1.0-->
      <meta http-equiv="Expires" content="0"> <!--prevents caching at the proxy server-->
      <script type="text/javascript" charset="utf-8" src="/js/initialJQ.js"></script>
      <script type="text/javascript" charset="utf-8" src="/js/initialJS.js"></script>
      <script type="text/javascript" charset="utf-8" src="/js/initialCSS.js"></script>
      <script type="text/javascript">
         self.location.href = "UpdateFirmware.html?UpdateResult=SUCCESS";
      </script>
   </head>
   <body>
   </body>
</html>
0
--- End quote ---

Will try to do the update right from the update page & download the update from D-Link. One problem I've noticed is 1.15 seems to have an October date on it while 1.20 has a September date on it. Not sure if that's an issue.
