• October 06, 2024, 03:22:21 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DIR-655 Rev B Only v2.12NA Build 01 Security Release  (Read 12136 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
New - DIR-655 Rev B Only v2.12NA Build 01 Security Release
« on: January 05, 2018, 12:25:26 PM »

Firmware: v2.12NA Build 01 Beta   06/20/2017
Release Notes:
Overview:
The DIR-655 contains four (4) vulnerabilities accessible from the LAN-side of the device
presenting potential security risks. First vulnerability allows a malicious user to bypass
authentication to gain administrative level access to the router’s web management
console. The vulnerability is only exposed when an authenticated user session is
logged-in on the device and that authenticated user's address is used, shortening the
window of opportunity for the attacker.

A second vulnerability was discovered that script injection can be performed on some input fields resulting in Cross-Site Scripting (XSS)
vulnerabilities to the device configuration interface.
 
Next, a third vulnerability, discloses log-in credentials and WiFi Encryption key of an authorized user by sending clear
text data between the device's web configuration interface and the authorized user's browser.
 
Last, a fourth vulnerability found a cgi command, regardless of authentication, will provide device configuration information.

References:
Keven Jiang :: Contact  :: November 1, 2014
Description:
A request can be made to security@dlink.com for further information.

Get it here: DIR-655 Rev B

Follow this for updating:
FW Update Process

NOTE: if your router is working with out any issues, it's recommended to keep the current version of FW that is loaded.IF IT WORKS, DON'T FIX IT!!!  ::)
« Last Edit: January 05, 2018, 12:31:03 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DIR-655 Rev B Only v2.12NA Build 01 Security Release
« Reply #1 on: January 05, 2018, 01:49:35 PM »

FYI:
"This product has been discontinued.
Free support for this product will end on 06/01/2018"
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.