
Author Topic: Firmware 1.20B01 Released - SECURITY PATCH  (Read 48127 times)

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Firmware 1.20B01 Released - SECURITY PATCH
« on: October 06, 2017, 09:52:37 AM »

The ZIP file will include 2 firmware files, release notes, and instructions.

Install v1.11B04 first, reboot, then install 1.20b01, reboot. It is recommended to perform a hard reset (paper clip in reset hole for 10 seconds) after updating.

DO NOT SKIP v1.11B04. Updating to 1.20B01 directly will not fix all issues.


Firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DIR-890L/REVA/DIR-890L_REVA_FIRMWARE_PATCH_v1.20B01.zip


Release Notes:

  • Add Firmware Protection to BIN file and System
  • WAN && LAN - XSS exploit  (CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416)
  • WAN - Weak Cloud protocol  (CVE-2017-14419, CVE-2017-14420)
  • WAN && LAN - Stunnel private keys  (CVE-2017-14422)
  • WAN && LAN - Nonce brute forcing for DNS configuration  (CVE-2017-14423)
  • Local - Weak files permission and credentials stored in clear text  (CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428)
  • LAN – DoS attack against some daemons  (CVE-2017-14430)
  • Security fixes to PHP CGI files to mitigate exposing credentials
  • Correct stack overflow vulnerability caused by HNAP
« Last Edit: October 08, 2017, 02:21:49 PM by FurryNutz »

samukets

  • Level 2 Member
  • **
  • Posts: 45
Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #1 on: October 08, 2017, 12:45:07 PM »

When I do a hard reset can I use the old settings saved in .bin and load them into the new firmware?

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #2 on: October 08, 2017, 12:50:23 PM »

I recommend setting up from scratch after doing one more factory reset after the router processes the file. There are a few versions between the last official release version and v1.20. So I would just set up from scratch again then save off a new config to file after everything is set up on v1.20.



Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

samukets

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #3 on: October 08, 2017, 01:33:08 PM »

Here QOS configs don't save...

FurryNutz

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #4 on: October 08, 2017, 01:34:29 PM »


samukets

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #5 on: October 08, 2017, 01:42:18 PM »

I configure QOS and after save button nothing happens. :(

FurryNutz

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #6 on: October 08, 2017, 01:46:18 PM »

What browser are you using?

Try IE11 or FF? Same thing happen?

samukets

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #7 on: October 08, 2017, 01:49:06 PM »

What a horrible bug, it does not save any settings on the QOS page. Killed the QOS.

Chrome, IE 11.

FurryNutz

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #8 on: October 08, 2017, 01:50:10 PM »

Same thing with FF?

Did you clear out the browser cache before configuring the router and saving the config to file?

samukets

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #9 on: October 08, 2017, 01:55:32 PM »


I installed Firefox here just to test, nothing too, it does not save anything in QOS.


I cleaned the cache in IE and Chrome, the Firefox installed only for the test, it was never used. QOS definitely died.

FurryNutz

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #10 on: October 08, 2017, 01:57:02 PM »

Ok, I'll load mine up and check from my Mac...

samukets

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #11 on: October 08, 2017, 02:06:10 PM »

Another bug, connections in 2.4 GHz are being listed in the GUI as connections in 5 GHz. Example: Chromecast

Many devices like unknown and IPs 0.0.0.0


D-Link screwed ugly on this one.

FurryNutz

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #12 on: October 08, 2017, 02:28:10 PM »

Ok, so I did the following on my Mac connected via LAN cable.
Factory reset.
Loaded v1.11B04 with Safari.
Loaded v1.20 with Safari.
Factory reset.
Manually set up from scratch.
Set my Mac and iPhone 6sP for reserved IP addresses. Both were seen by the router. Unknown Device was listed for my iPhone 6sP, however it may have been due to no host name for iPhone being used or iOS 11.0.2. Mac (OSX 10.10.5) was seen as APPLE.

Configured QoS By Device. Set my Mac into Highest and iPhone into Medium and manually input my ISP speeds and saved settings. I got a 15 second please wait window. I let the web page expire and logged back in and the QoS settings are still there.

Left the SSID name default for now with OPEN Security. Smart connect enabled. My Mac was showing on LAN PC connection before I changed to wireless. Now Mac and iPhone show as being connected to the 5GHz wireless radio. However there is a wireless signal bar icon seen on the LAN PC cable connection tile for the Mac that was initially connected on the LAN cable.

Did a save config to file. Safari saves the file automatically for me to my desktop, which it did.

How long after you had loaded the FW and factory reset the router did you enter into QoS?
What version of Windows are you using?

I updated my FF version for Mac and it's also showing correctly with the UI and QoS. I changed my iPhone from medium to high section and saved the setting and QoS gave me the 15 second please wait window.
« Last Edit: October 08, 2017, 02:51:16 PM by FurryNutz »

samukets

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #13 on: October 08, 2017, 03:14:55 PM »

I made the first update, then did the second update. After the whole process I went to the reset button and reseated the equipment twice.

Soon after I tried to activate the QoS but it does not activate.

I use Windows 10, last update.

I tried with Chrome, Firefox and IE.

Since the beginning it is happening exactly as I show in the video, change and nothing happens.

EDIT:
I turned the power off for 10 minutes and changed the GUI to English. Now QOS has saved. I do not know if it was the energy removal or the English GUI that solved it.

FurryNutz

Re: Firmware 1.20B01 Released - SECURITY PATCH
« Reply #14 on: October 08, 2017, 03:18:01 PM »

What language were you using?
What region are you located in?