• December 18, 2017, 04:31:14 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Firmware 1.20B02 Released - SECURITY PATCH  (Read 618 times)

GreenBay42

  • Administrator
  • Level 5 Member
  • *
  • Posts: 527
Firmware 1.20B02 Released - SECURITY PATCH
« on: October 06, 2017, 09:46:54 AM »

The ZIP file will include 2 firmware files, release notes, and instructions.

Install v1.15 first, reboot, then install 1.20b02, reboot. It is recommended to perform a hard reset (paper clip in reset hole for 10 seconds) after updating.

DO NOT SKIP v1.15. Updating to 1.20B02 directly will not fix all issues.


Firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DIR-885L/REVA/DIR-885L_REVA_FIRMWARE_PATCH_v1.20B02.zip


Release Notes:

  • Add Firmware Protection to BIN file and System
  • WAN && LAN - XSS exploit  (CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416)
  • WAN - Weak Cloud protocol  (CVE-2017-14419, CVE-2017-14420)
  • WAN && LAN - Stunnel private keys  (CVE-2017-14422)
  • WAN && LAN - Nonce brute forcing for DNS configuration  (CVE-2017-14423)
  • Local - Weak files permission and credentials stored in clear text  (CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-
    14428)
  • LAN – DoS attack against some daemons  (CVE-2017-14430)
  • Security fixes to PHP CGI files to mitigate exposing credentials
  • Correct stack overflow vulnerability caused by HNAP
« Last Edit: October 06, 2017, 11:11:57 AM by GreenBay42 »
Logged

happyhere

  • Level 3 Member
  • ***
  • Posts: 159
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #1 on: November 10, 2017, 10:31:46 PM »


anyone here have applied this new 1.20 firmware?  any feedback or issues?
I am reluctant at the moment as our '885L' is like a prod environment, household will blame me if router becomes unstable :)
Logged

hydra3333

  • Level 2 Member
  • **
  • Posts: 37
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #2 on: November 11, 2017, 02:09:07 AM »

rock solid stable here.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 43934
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #3 on: November 11, 2017, 11:37:57 AM »

Let us know if you update. Please fully read the update instructions before updating your router.


anyone here have applied this new 1.20 firmware?  any feedback or issues?
I am reluctant at the moment as our '885L' is like a prod environment, household will blame me if router becomes unstable :)
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

happyhere

  • Level 3 Member
  • ***
  • Posts: 159
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #4 on: November 12, 2017, 01:08:01 AM »


yes I will update to 1.20 around December break when I have more days to stay in that home having 885L.
I have read instructions from admin to upgrade to 1.15 before 1.20, will follow that :)

Let us know if you update. Please fully read the update instructions before updating your router.


anyone here have applied this new 1.20 firmware?  any feedback or issues?
I am reluctant at the moment as our '885L' is like a prod environment, household will blame me if router becomes unstable :)
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 43934
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #5 on: November 12, 2017, 09:55:49 AM »

 ;)
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

happyhere

  • Level 3 Member
  • ***
  • Posts: 159
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #6 on: December 17, 2017, 08:11:37 PM »


I will be updating dir-885L to firmware 1.20.
But have some few questions:

1. Do I need a paper clip reset while on transitional firmware 1.15?  Or do a one time reset at 1.20?
2. The router is saying new 1.15 firmware available, can I use that instead of manual upload?
3. Can I downgrade from 1.20 to 1.13 just in case it doesnt work?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 43934
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #7 on: December 17, 2017, 08:51:00 PM »

I recommend that you use the on board UI and use IE11 or FF browsers only. Do a factory reset first, then manually send the v1.15 file. Once this is sent and should be processed, go in and send the v1.20 file, after this is completed, go in to the UI and do one more factory reset and set up the router from scratch. Be sure to disable any PC security software and browser plug ins while performing this. Also be LAN cable wired to the router with a PC. Do not perform this over the wireless connection!!!
 Link> >FW Update Process

You can downgrade...

Let us know how it goes.



I will be updating dir-885L to firmware 1.20.
But have some few questions:

1. Do I need a paper clip reset while on transitional firmware 1.15?  Or do a one time reset at 1.20?
2. The router is saying new 1.15 firmware available, can I use that instead of manual upload?
3. Can I downgrade from 1.20 to 1.13 just in case it doesnt work?
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting