Author Topic: Firmware 1.20B02 Released - SECURITY PATCH  (Read 13412 times)

GreenBay42

  • Administrator
  • Level 11 Member
  • Posts: 2752
Firmware 1.20B02 Released - SECURITY PATCH
« on: October 06, 2017, 09:46:54 AM »

The ZIP file will include 2 firmware files, release notes, and instructions.

Install v1.15 first, reboot, then install 1.20b02, reboot. It is recommended to perform a hard reset (paper clip in reset hole for 10 seconds) after updating.

DO NOT SKIP v1.15. Updating to 1.20B02 directly will not fix all issues.


Firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DIR-885L/REVA/DIR-885L_REVA_FIRMWARE_PATCH_v1.20B02.zip


Release Notes:

  • Add Firmware Protection to BIN file and System
  • WAN && LAN - XSS exploit  (CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416)
  • WAN - Weak Cloud protocol  (CVE-2017-14419, CVE-2017-14420)
  • WAN && LAN - Stunnel private keys  (CVE-2017-14422)
  • WAN && LAN - Nonce brute forcing for DNS configuration  (CVE-2017-14423)
  • Local - Weak files permission and credentials stored in clear text  (CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428)
  • LAN – DoS attack against some daemons  (CVE-2017-14430)
  • Security fixes to PHP CGI files to mitigate exposing credentials
  • Correct stack overflow vulnerability caused by HNAP
« Last Edit: October 06, 2017, 11:11:57 AM by GreenBay42 »

happyhere

  • Level 3 Member
  • Posts: 178
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #1 on: November 10, 2017, 10:31:46 PM »


Has anyone here applied this new 1.20 firmware? Any feedback or issues?
I am reluctant at the moment, as our '885L' is like a prod environment; the household will blame me if the router becomes unstable :)

hydra3333

  • Level 2 Member
  • Posts: 41
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #2 on: November 11, 2017, 02:09:07 AM »

Rock solid stable here.

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #3 on: November 11, 2017, 11:37:57 AM »

Let us know if you update. Please fully read the update instructions before updating your router.


Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

happyhere

  • Level 3 Member
  • Posts: 178
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #4 on: November 12, 2017, 01:08:01 AM »


Yes, I will update to 1.20 around the December break, when I have more days to stay in the home that has the 885L.
I have read the instructions from the admin to upgrade to 1.15 before 1.20, and will follow that :)


FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #5 on: November 12, 2017, 09:55:49 AM »

 ;)

happyhere

  • Level 3 Member
  • Posts: 178
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #6 on: December 17, 2017, 08:11:37 PM »


I will be updating the DIR-885L to firmware 1.20.
But I have a few questions:

1. Do I need a paper clip reset while on transitional firmware 1.15? Or do a one-time reset at 1.20?
2. The router is saying new 1.15 firmware is available; can I use that instead of manual upload?
3. Can I downgrade from 1.20 to 1.13 just in case it doesn't work?

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #7 on: December 17, 2017, 08:51:00 PM »

I recommend that you use the on-board UI and use IE11 or FF browsers only. Do a factory reset first, then manually send the v1.15 file. Once this is sent and processed, go in and send the v1.20 file. After this is completed, go into the UI and do one more factory reset and set up the router from scratch. Be sure to disable any PC security software and browser plug-ins while performing this. Also, be wired to the router with a LAN cable from a PC. Do not perform this over the wireless connection!!!
Link: FW Update Process

You can downgrade...

Let us know how it goes.




happyhere

  • Level 3 Member
  • Posts: 178
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #8 on: December 19, 2017, 03:20:12 AM »

Upgrade went well.
I followed the dumb "user friendly" GUI instead of manual upload.

1. On GUI, updated from 1.13 to 1.15. Around 3 minutes.
2. On GUI, updated from 1.15 to 1.20. Around 3 minutes.

All settings are intact. I haven't done a reset; all wired/wireless clients are working.

I did a power down of the 885L and all the networking gear/cam/switch and restarted them.
It is running STABLE for 8 hours now.

There is a question in my mind: is the zero day bug really fixed using the GUI automated way? I think yes but can't really test it.

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #9 on: December 19, 2017, 10:07:04 AM »

Glad you got it working and the process worked. I presume you used the update feature in the UI to upgrade?

This is not a zero day bug. More like a flaw found in the WPA2 code set for client modes. This only affects wireless running in client, bridge or repeater mode mostly. You'll be fine since it's successfully upgraded.

happyhere

  • Level 3 Member
  • Posts: 178
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #10 on: December 27, 2017, 07:45:10 PM »

Yes, I used the update feature in the UI.

It seems to fix the delete issue with DHCP reservation on prior firmware too.

Anyway, so far so good, all stable. 2.4 GHz is not dying at least.
Nobody in household noticed a firmware update was made :)

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #11 on: December 27, 2017, 07:46:32 PM »

Good to hear. Glad it's working well now. Enjoy.  ;) ;)



vitoldo

  • Level 1 Member
  • Posts: 6
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #12 on: December 01, 2018, 10:50:02 AM »

On https://support.dlink.com/ProductInfo.aspx?m=DIR-885L%2fR I actually don't see any 1.15 firmware. There are 1.13 and 1.20 but not 1.15.
When I connected my 885 to the WAN for the first time, the router reported the upgrade twice. I performed that automatically from the GUI. Probably I've missed the 1.15 (don't remember). Is there any way to check it? My HW ver. is A2.
« Last Edit: December 01, 2018, 11:03:31 AM by vitoldo »

FurryNutz

  • Poweruser
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #13 on: December 01, 2018, 03:03:27 PM »

If you were able to get v1.20 on the router, then no need for any other version of FW.


vitoldo

  • Level 1 Member
  • Posts: 6
Re: Firmware 1.20B02 Released - SECURITY PATCH
« Reply #14 on: December 02, 2018, 06:51:09 AM »

Thanks for the quick reply. So I'm waiting for the final 1.21.