D-Link IP Cameras for Home > DCS-933L

New - DCS-933L Rev A - Firmware v1.14 B11 Comments & Observations

(1/2) > >>

FurryNutz:
D-Link posted DCS-933L Rev A firmware version,which can be downloaded from Mydlink.com: DCS-933L Rev A  - Firmware v1.14 B11 Download.
Scroll to the right and select the DCS-933L camera.
Or from USA site:
DCS-933L Rev A  - Firmware v1.14 B11 Download.

Problems Fixed
1. Fixed an issue where IP Camera might fail to establish a PPPoE connection if PPP Discovery phase fails.
2. Fixed an issue that Time zone setting for Minsk should be GMT+3.
3. Fixed the “RSA-CRT key leaks” vulnerability.
4. Fixed the “LANDAP stack overflow” vulnerability.
5. Remove the “Arbitrary file upload interface” vulnerability.
6. Fixed vulnerability - Authenticated Arbitrary File Upload with Root Privileges.
7. Fixed vulnerability - Authenticated Root OS Command Injection in File Upload.
8. Fixed an XSS vulnerability - Stored XSS in User Name.
9. Fixed an XSS vulnerability - Reflected XSS in HTTP Host Header.

New Features
1. Upgrade mydlink agent to 2.1.0-b43.
2. The default date and time settings are changed to 2017-01-01, 00:00:00.
3. Updated ActiveX control and Java applet with renewed code-signing certificate.
4. Change the HTTPs self-signed certificate to SHA2 algorithms.
5. Support Mydlink UID mechanism
6. Change the support page hyperlink of Firmware Upgrade web-UI to www.dlink.com.
7. Updated OpenSSL to v1.0.1t.
8. Updated mDNSResponder to 625.41.2.
9. Update the years in the copyright statement for IP Camera’s web-UI to 2016.
10. Add authentication to CGI /config/stream_info.cgi.
11. Offer the password validation on console port. (Console’s Password is synchronized with the admin’s password)

[*]DCS-933L - Firmware Release Notes
[*]Network Cameras - Important Posts & Information
[*]Network Cameras - Beta Firmware Terms and Conditions
[*]Network Cameras - Why Have Multiple Hardware Versions for the Same Model?

[/list]

Please post your comments and observations as a reply to this thread.

 :)  ;)  :)

rjms:
Update went well.

Still can't directly access individual pages of the web UI (still getting the "forbidden" message), but at least they didn't block the "referrer" trick when using curl.

FurryNutz:
I presume directly URL may not be supported any longer. Maybe a security issue they are concerned with.

Enjoy.

cgmendla:
Someone needs to update the support page at http://support.dlink.com/ProductInfo.aspx?m=DCS-933L  as the latest version there is 1.13.

Rather annoying to go through the process of downloading and installing assuming that someone was actually maintaining that page. If I wasn't on the forums, I'd have kept wasting time trying to upgrade and getting messages that I have to upgrade.

FurryNutz:
Sometimes D-Link doesn't update the support.dlink.com site and the mydlink.com site is not kept in sync. Users are encouraged to check both sites or check here in the forums as I try to keep the forum users up to date as i check both sites as well.

Navigation

[0] Message Index

[#] Next page

Go to full version