• March 28, 2024, 03:35:53 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Firmware 2.03 (rev B): Security concerns ..  (Read 4912 times)

aasoror

  • Level 1 Member
  • *
  • Posts: 19
Firmware 2.03 (rev B): Security concerns ..
« on: June 10, 2016, 12:13:34 AM »

Hello guys,

I have concerns about how secure is my network with the DIR-868L(rev. B) running the latest firmware (2.03).

Unless I am missing something I couldn't find a way of either changing the WPS password or disabling it altogether (its not that hard for someone trying a brute force attack to eventually figure out the static WPS pass and that will compromise my network forever since I can neither change or disable WPS).

Enabling mac filters is one way to temporarily close that loophole, but unfortunately (again, unless I missed it) I see no way to enable mac filtering in the current firmware.

Additionally I can't even find the option to reboot my router from the web interface, leaving me with hard "unplug" if I need some non-critical settings applied (like DHCP reservation).

Is that indeed the case ? or am I missing something big time ?

Thanks :)
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #1 on: June 10, 2016, 07:18:18 AM »

Link>Welcome!

  • What region are you located?

Check under Management/System for a Reboot feature.

Rev B was not marketed here in the USA so we didn't see the new UI for the 868L. If WPS is not listed anywhere on the routers UI, then it may not have been fully implemented as it was a security issue a few years back. I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.

As a alternative suggestion, you could load up DD-WRT on it and this would eliminate the WPS issue. They don't support WPS on there FW due to the security issue with it.

Let us know how it goes please.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

aasoror

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #2 on: June 10, 2016, 07:38:27 AM »

FurryNutz,

Thanks for the reply.

I am located in Canada, is there another forum for regional specific questions ?

I have contacted support over email and they kind of dodged WPS question and pointed out that I can use parental control as a mac filter (but the firmware is so "watered down" that you can't directly edit parental control device list, you need to wait for a device to infiltrate your network, get allocated an IP and appear under the "connected devices" then you can filter it out).
 
I hope they have WPS disabled in the firmware but unfortunately its not the case, as the WPS code is stickered right at the bottom of the router and I verified its enabled using a WPS scanner app on my phone.

Yeah I know about DDWRT, but since I just got the router I thought its a little bit early to void my warranty going 3rd party ;)

I will follow up with support and let you guys know how it ends up.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #3 on: June 10, 2016, 07:45:04 AM »

I'm not aware of any other forums in Canada. We helps Canadian users here in our forums till we exhaust troubleshooting info.
Since this is a FW issue, it needs to be handled by Canadian support.

You can always put OEM FW back on if DD-WRT doesn't work out to keep with in warranty specs.  ;)

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

aasoror

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #4 on: June 10, 2016, 09:33:17 AM »

True indeed. I would just like to exhaust the "average Joe" options before moving on, and in all honesty as the manufacturer D-Link should step up and deal with vulnerabilities instead of just throwing the towel and leave users to deal with it on their own (be it using 3rd party firmware or just live with it).
 
BTW, for any one with rev. B. hardware and missing the reboot option on v2.03, its under:  Management -> System Admin -> System.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #5 on: June 10, 2016, 09:52:34 AM »

Understand man. This needs to be addressed by D-Link Canada or D-Link HQ in Taiwan. If they don't take action then you have the alternative.

What browser are you using? FF or IE you don't see any reboot feature?
Can you post a pic with this page? Adding Screenshots In A Post
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

aasoror

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #6 on: June 10, 2016, 10:12:57 AM »

Understand man. This needs to be addressed by D-Link Canada or D-Link HQ in Taiwan. If they don't take action then you have the alternative.
I do understand, thats the reason I said I had a ticket already open with support. All I am saying is people don't pay arm and leg for hardware from established manufacturer just to move to unofficial unsupported warranty voiding software alternatives when they could have picked out of the gazillion of "cheaper" DDWRT compatible routers out there ;) Its not that I don't appreciate the suggestion, its just that the reason I posted in the official support forums was to confirm whether or not there was something that I am missing with the official firmware.
Quote
What browser are you using? FF or IE you don't see any reboot feature?
Can you post a pic with this page? Adding Screenshots In A Post
As I said in my previous post, I managed to find the reboot option, it was tucked away deep inside a confusingly named menu. :)
Thanks again FurryNutz
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #7 on: June 10, 2016, 02:13:22 PM »

Let us know if you find out any more information from D-Link Canada.

Good Luck.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

aasoror

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #8 on: June 25, 2016, 07:55:58 AM »

ok, here is the latest update, after going back and forth with support about this, once they were past the initial denial they acknowledged the issue (had to send them screenshots to counter their claim) and I requested that my concern would be escalated up the management/development chain.

Yesterday I was contacted by the technical services department manager for D-Link Canada.  He confirmed that upon escalating my concerns to D-Link engineering dept they have decided to design a new firmware that would allow the feature in question (WPS pin management).

The guy also apologized for the misinformation that L1 support initially passed to me (claiming WPS pin is not supported by the router thus there is nothing to worry about).

So anyone using the stock firmware should keep an eye on the product support page to fetch the new firmware once released (I will also update this thread) meanwhile, as a temp workaround, insure that you use any WPS connect app (few on Google playstore) and enter a "wrong" pin for 10 consecutive times which will lock WPS pin feature altogether (until the router is rebooted).  Remember to do this each time the router is rebooted and verify using the "correct" WPS pin.

Hope that helps.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #9 on: June 27, 2016, 06:37:23 AM »

Glad they were able to help you with this information and look forward to new FW in the future.

Good Luck.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

aasoror

  • Level 1 Member
  • *
  • Posts: 19
Re: Firmware 2.03 (rev B): Security concerns ..
« Reply #10 on: July 28, 2016, 08:44:28 AM »

I was just contacted by DLink Canada support, the new firmware is out (2.04B04Beta), you can get it from the download page.

Code: [Select]
Release notes:
- Add WPS PBC/PIN lockout

Thanks again for all the DLink Canada staff that were involved in sorting out this issue.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 2.03 (rev B): Security concerns .. (RESOLVED)
« Reply #11 on: July 28, 2016, 08:47:24 AM »

Awesome. Glad they were able to correct it. Thanks for sharing. I'll post this as well.
http://forums.dlink.com/index.php?topic=65341.0
Enjoy.  ;)
« Last Edit: July 28, 2016, 08:55:13 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.