Author Topic: Security Advisement - Firmware 1.02B01 Released  (Read 10549 times)

GreenBay42

Security Advisement - Firmware 1.02B01 Released
« on: November 29, 2017, 08:41:46 AM »

Seven flaws have been patched. The seven flaws include three that can be exploited to perform remote code execution, three more that can be used in denial of service attacks, and one information-leaking blunder. The full list of flaws is as follows:

CVE-2017-14491 – Remote code execution in the DNS subsystem that can be exploited from the other side of the internet against public-facing systems and against stuff on the local network. The previously latest version had a two-byte overflow bug, which could be leveraged, and all prior builds had an unlimited overflow.

CVE-2017-14492 – The second remote code execution flaw works via a heap-based overflow.

CVE-2017-14493 – Google labels this one as trivial to exploit. It's a stack-based buffer overflow vulnerability that enables remote code execution if it's used in conjunction with the flaw below.

CVE-2017-14494 – This is an information leak in DHCP which, when used in conjunction with CVE-2017-14493, lets an attacker bypass the security mechanism ASLR and attempt to run code on a target system.

CVE-2017-14495 – A limited flaw this one, but can be exploited to launch a denial of service attack by exhausting memory. Dnsmasq is only vulnerable, however, if the command line switches --add-mac, --add-cpe-id or --add-subnet are used.

CVE-2017-14496 – Here the DNS code performs invalid boundary checks, allowing a system to be crashed using an integer underflow leading to a huge memcpy() call. Android systems are affected if the attacker is local or tethered directly to the device.

CVE-2017-13704 – A large DNS query can crash the software.

Download not available at this time.

v1.02B02 is available -- http://forums.dlink.com/index.php?topic=73093.0
« Last Edit: February 09, 2018, 03:20:19 PM by GreenBay42 »
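One way to check whether a dnsmasq instance you administer uses the switches named under CVE-2017-14495 above. This is an added example, not part of the original post and not D-Link or dnsmasq project code; the function names are hypothetical and the sample command line and config are constructed.

```shell
#!/bin/sh
# Added example: find the dnsmasq options that the CVE-2017-14495 entry
# names as the precondition (--add-mac, --add-cpe-id, --add-subnet).

# Print each of the three options present on a dnsmasq command line.
risky_in_cmdline() (
    set -f                          # split into words without glob expansion
    for arg in $1; do
        case "$arg" in
            --add-mac|--add-mac=*)       echo add-mac ;;
            --add-cpe-id|--add-cpe-id=*) echo add-cpe-id ;;
            --add-subnet|--add-subnet=*) echo add-subnet ;;
        esac
    done
)

# Print each of the three options enabled in a dnsmasq config file, where a
# long option is written without the leading "--" and "#" starts a comment.
risky_in_conf() {
    awk '{ sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
         /^add-(mac|cpe-id|subnet)([ \t]*=.*)?$/ { sub(/[ \t]*=.*/, ""); print }' "$1"
}

# Constructed sample inputs (not taken from any real device or firmware).
SAMPLE_CMDLINE='dnsmasq -C /etc/dnsmasq.conf --add-subnet=24,96 --cache-size=1000'
sample_conf() {
    printf '%s\n' 'domain-needed' 'add-mac' '#add-cpe-id=example' \
        'address=/router.lan/192.168.0.1' 'add-subnet=24,96'
}

conf=$(mktemp)
sample_conf > "$conf"
echo "command line: $(risky_in_cmdline "$SAMPLE_CMDLINE" | tr '\n' ' ')"
echo "config file:  $(risky_in_conf "$conf" | tr '\n' ' ')"
rm -f "$conf"
```

On Linux, the command line of a running dnsmasq can be passed to `risky_in_cmdline` after converting the NUL separators in `/proc/PID/cmdline` to spaces with `tr '\0' ' '`.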

Malechai

« Reply #1 on: January 10, 2018, 08:44:09 PM »

Thanks for this. How long does it generally take for a firmware to leave beta?

GreenBay42

« Reply #2 on: January 11, 2018, 07:48:23 AM »

Depends. Security patches may take longer since they have to go through 3rd party testing and verification. Some firmware releases may have to go through re-certification which can take time. The KRACK patches are at the highest priority so "official" releases are taking some time right now.

FurryNutz

« Reply #3 on: January 11, 2018, 07:58:45 AM »

You can always try the beta and if it doesn't work well for you, you can downgrade. Let us know what you find, if anything.

Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

p4spooky

« Reply #4 on: January 11, 2018, 05:24:38 PM »

I tried installing the 1.02B1 file using manual upload option. Got "Firmware upgrade failed" error. I am currently on 1.01. What gives?

FurryNutz

« Reply #5 on: January 11, 2018, 05:28:08 PM »

Link>Welcome!

  • What region are you located?
  • Are you wired or wireless connected to the router?
  • Was a Factory Reset performed before and after any firmware updates then set up from scratch?
  Link> >FW Update Process

What browser are you using?
Be sure to unpack the .bin file from the .zip file before sending the update.


p4spooky

« Reply #6 on: January 19, 2018, 10:56:08 AM »

Apologies for late reply.

1. USA
2. Wired
3. Router came with 1.0. Upgraded to 1.01 using the manual method. ZERO issues. Then did a full reset, downloaded 1.02 from support site. Again using manual method tried to load: DIR-882_A1_FW1.02B01Beta.bin

Fails with message: "Firmware Upgrade Failed". Tried from Chrome/Edge/IE with Antivirus turned off.

FurryNutz

« Reply #7 on: January 19, 2018, 11:14:55 AM »

Try loading it with this method:
Emergency Recovery Mode

AmyC

« Reply #8 on: January 19, 2018, 01:22:08 PM »

Quote
I tried installing the 1.02B1 file using manual upload option. Got "Firmware upgrade failed" error. I am currently on 1.01. What gives?
OMG. I have been with Tech Support since 1/7/18 about this and they act like I'm the only one having this problem. So it's apparently broken then? I finally received this as my last interchange:
Quote
Since it is not resolved even using two computers and it is a KRACK patch issue, please use this link to email directly our Network Security Engineers.
http://support.dlink.com/ReportVulnerabilities.aspx
I did fill out that form but without much hope of a response since it specifically says it is NOT for tech support.

FurryNutz

« Reply #9 on: January 19, 2018, 01:23:22 PM »

What problem are you having?

This FW file not loading?  ???


GreenBay42

« Reply #10 on: January 19, 2018, 01:34:52 PM »

I will test my router now.

Are you unzipping the file and loading the .BIN file?
« Last Edit: January 19, 2018, 01:36:33 PM by GreenBay42 »

FurryNutz

« Reply #11 on: January 19, 2018, 01:35:31 PM »

Thank you sir.  ;)

The first user is loading the .bin file.

« Last Edit: January 19, 2018, 01:50:04 PM by FurryNutz »

GreenBay42

« Reply #12 on: January 19, 2018, 01:51:41 PM »

Ok the router I have already has the KRACK firmware on it. We tried a reflash (after a hard reset) and it failed. Same happened on our 878. But the original upgrade was successful.

We will do an emergency firmware upload to put 1.01 back on and then try the beta firmware again.

FurryNutz

« Reply #13 on: January 19, 2018, 01:52:34 PM »

 :o

GreenBay42

« Reply #14 on: January 19, 2018, 02:50:28 PM »

Techs replicated the issue, even after an emergency firmware upgrade it failed. They sent a D-Track to the engineers.