D-Link Forums

The Graveyard - Products No Longer Supported => IP Cameras => DCS-930L => Topic started by: FurryNutz on July 26, 2016, 09:03:52 AM

Title: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on July 26, 2016, 09:03:52 AM
D-Link posted DCS-930L Rev A firmware version v1.15 B04 which can be downloaded here: http://support.dlink.com/ProductInfo.aspx?m=DCS-930L (http://support.dlink.com/ProductInfo.aspx?m=DCS-930L)

Problems Fixed
1. Fixed CSRF vulnerability for the camera’s web-UI (Exclude CGI APIs).
2. Fixed the “RSA-CRT key leaks” vulnerability.
3. Fixed the “LANDAP stack overflow“ vulnerability. (discovered by search SEARCH-LAB)
4. Remove the “Arbitrary file upload interface” vulnerability. (discovered by search SEARCH-LAB)
5. Fixed an issue that Time zone setting for Minsk should be GMT+3.
6. Fixed a vulnerability - Authenticated Arbitrary File Upload with Root Privileges. (discovered by IOActive Security)
7. Fixed a vulnerability - Authenticated Root OS Command Injection in File Upload. (discovered by IOActive Security)
8. Fixed an XSS vulnerability - Stored XSS in User Name. (discovered by IOActive Security) 
9. Fixed an XSS vulnerability - Reflected XSS in HTTP Host Header. (discovered by IOActive Security)

New Features
1.   Upgrade mydlink agent to 2.1.0-b27.
2.   Change the HTTPs self-signed certificate to SHA2 algorithms.
3.   Support Mydlink UID mechanism (mdb get dev_uid)
4.   Change the support page hyperlink of Firmware Upgrade web-UI to www.dlink.com.
5.   Updated OpenSSL to v0.9.8o.
6.   Remove mDNSResponder daemon on the unit.
7.   Remove the Bonjour settings from the Network Setup web-UI
8.   Change the default system time to 2016-01-01
9.   Update the years in the copyright statement for IP Camera’s web-UI to 2016.
10.   Add authentication to CGI /config/stream_info.cgi.
11.   Offer the password validation on console port. (Console’s Password is synchronized with the admin’s password)


Please post your comments and observations as a reply to this thread.

 :)  ;)  :)
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: rjms on August 08, 2016, 09:11:58 AM
Hmm... seems controlling from a script doesn't work anymore... "The request is forbidden"
(see http://forums.dlink.com/index.php?topic=59969.msg243501#msg243501 (http://forums.dlink.com/index.php?topic=59969.msg243501#msg243501) )

Also, simply entering a direct URL on the web UI doesn't work, must click on web UI links
e.g. entering http://[you ipcam's local IP]/upload.htm in address bar for direct access to FTP also results in "The request is forbidden"... must click the FTP link.

Anyone can confirm? If so, any work around, or new method?
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on August 08, 2016, 09:17:59 AM
There are a few security fixes on this and I'm wondering if what you were using before has been closed due to one of these fixes. You might phone contact D-Link support and ask about this...
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: rjms on August 08, 2016, 09:58:39 AM
They probably decided to throw the baby with the bathwater...

At least the video streams URLs are still accessible to 3rd party software (eg ispy).

Will wait a bit to see what others observe before downgrading...

/edit: Adding a proper "--referer" to the curl's prevents error page, but new settings won't apply... still looking into it, all might not be lost for automation.

/edit #2: The "--referer" solves the curl problem after all, the settings apply. Still a bit ridiculous that one can't access a page directly, e.g. your_cam_IP/image.htm gives "forbidden" message.
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on August 11, 2016, 10:36:40 AM
Thanks for updating us with this info. Hope it helps.

They probably decided to throw the baby with the bathwater...

At least the video streams URLs are still accessible to 3rd party software (eg ispy).

Will wait a bit to see what others observe before downgrading...

/edit: Adding a proper "--referer" to the curl's prevents error page, but new settings won't apply... still looking into it, all might not be lost for automation.

/edit #2: The "--referer" solves the curl problem after all, the settings apply. Still a bit ridiculous that one can't access a page directly, e.g. your_cam_IP/image.htm gives "forbidden" message.
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: rstark18 on August 11, 2016, 10:56:12 PM
Seems as though www.mydlink.com/download has pulled 1.15 and has 1.14 as the most current. Anyone have any ideas why?
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on August 12, 2016, 06:35:26 AM
its' available on D-Links main support site.
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: acellier on August 12, 2016, 03:56:57 PM
Quote from: rjms  a bit ridiculous that one can't access a page directly, e.g. your_cam_IP/image.htm gives "forbidden" message. [/quote
I totally agree - breaks a number of php/html pages that we use.
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: rjms on August 12, 2016, 07:52:14 PM
I totally agree - breaks a number of php/html pages that we use.
Have you tried referer spoofing in PHP, if possible like above with curl?
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: rangea2 on August 26, 2016, 07:48:44 AM
I have 2 cameras 930. The app force me to update the firmware, then after update the firmware, my cameras start frezzing and get disconected from the app. I have to manually diconnect the energy and connect again.

Is there a solution?
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on August 26, 2016, 07:55:42 AM
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)


What Mfr and model is the main host router?
What wireless modes are you using?
What is the distance between the Camera and the main host router?
How many other wireless devices do you have connected to the main host router?

I recommend setting a static IP address ON the cameras outside of the main host routers default DHCP IP address pool as a troubleshooting step: 192.168.#.93 and .94  DHCP (http://forums.dlink.com/index.php?topic=58017.0)

Test cameras with uPnP and uPnP Port Forwarding both enabled on ALL cameras: DCS Cloud (L) Series Camera Configuration and Mydlink.com (http://forums.dlink.com/index.php?topic=62395.0)

Can you connect the cameras to a LAN wired cable connection and manually factory reset, manually update the FW on both then factory reset once more then set up from scratch?
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on September 26, 2016, 10:07:45 AM
Currently its the v2.12
http://support.dlink.com/ProductInfo.aspx?m=DCS-930L (http://support.dlink.com/ProductInfo.aspx?m=DCS-930L)

where is the new Firmware for  DCS-930LB1.....its 2.13
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on September 27, 2016, 06:52:29 AM
What region are you located?  ???

where is the new Firmware for  DCS-930LB1.....its 2.13
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: TelfordPa on September 27, 2016, 07:03:16 AM
I figured it out everything is fine now
Title: Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
Post by: FurryNutz on September 27, 2016, 07:09:04 AM
 ;)

Enjoy.