• March 28, 2024, 09:09:36 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations  (Read 9247 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

D-Link posted DCS-930L Rev A firmware version v1.15 B04 which can be downloaded here: http://support.dlink.com/ProductInfo.aspx?m=DCS-930L

Problems Fixed
1. Fixed CSRF vulnerability for the camera’s web-UI (Exclude CGI APIs).
2. Fixed the “RSA-CRT key leaks” vulnerability.
3. Fixed the “LANDAP stack overflow“ vulnerability. (discovered by search SEARCH-LAB)
4. Remove the “Arbitrary file upload interface” vulnerability. (discovered by search SEARCH-LAB)
5. Fixed an issue that Time zone setting for Minsk should be GMT+3.
6. Fixed a vulnerability - Authenticated Arbitrary File Upload with Root Privileges. (discovered by IOActive Security)
7. Fixed a vulnerability - Authenticated Root OS Command Injection in File Upload. (discovered by IOActive Security)
8. Fixed an XSS vulnerability - Stored XSS in User Name. (discovered by IOActive Security) 
9. Fixed an XSS vulnerability - Reflected XSS in HTTP Host Header. (discovered by IOActive Security)

New Features
1.   Upgrade mydlink agent to 2.1.0-b27.
2.   Change the HTTPs self-signed certificate to SHA2 algorithms.
3.   Support Mydlink UID mechanism (mdb get dev_uid)
4.   Change the support page hyperlink of Firmware Upgrade web-UI to www.dlink.com.
5.   Updated OpenSSL to v0.9.8o.
6.   Remove mDNSResponder daemon on the unit.
7.   Remove the Bonjour settings from the Network Setup web-UI
8.   Change the default system time to 2016-01-01
9.   Update the years in the copyright statement for IP Camera’s web-UI to 2016.
10.   Add authentication to CGI /config/stream_info.cgi.
11.   Offer the password validation on console port. (Console’s Password is synchronized with the admin’s password)


Please post your comments and observations as a reply to this thread.

 :)  ;)  :)
« Last Edit: August 12, 2016, 06:33:47 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

rjms

  • Level 1 Member
  • *
  • Posts: 13
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #1 on: August 08, 2016, 09:11:58 AM »

Hmm... seems controlling from a script doesn't work anymore... "The request is forbidden"
(see http://forums.dlink.com/index.php?topic=59969.msg243501#msg243501 )

Also, simply entering a direct URL on the web UI doesn't work, must click on web UI links
e.g. entering http://[you ipcam's local IP]/upload.htm in address bar for direct access to FTP also results in "The request is forbidden"... must click the FTP link.

Anyone can confirm? If so, any work around, or new method?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #2 on: August 08, 2016, 09:17:59 AM »

There are a few security fixes on this and I'm wondering if what you were using before has been closed due to one of these fixes. You might phone contact D-Link support and ask about this...
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

rjms

  • Level 1 Member
  • *
  • Posts: 13
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #3 on: August 08, 2016, 09:58:39 AM »

They probably decided to throw the baby with the bathwater...

At least the video streams URLs are still accessible to 3rd party software (eg ispy).

Will wait a bit to see what others observe before downgrading...

/edit: Adding a proper "--referer" to the curl's prevents error page, but new settings won't apply... still looking into it, all might not be lost for automation.

/edit #2: The "--referer" solves the curl problem after all, the settings apply. Still a bit ridiculous that one can't access a page directly, e.g. your_cam_IP/image.htm gives "forbidden" message.
« Last Edit: August 11, 2016, 08:18:14 AM by rjms »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #4 on: August 11, 2016, 10:36:40 AM »

Thanks for updating us with this info. Hope it helps.

They probably decided to throw the baby with the bathwater...

At least the video streams URLs are still accessible to 3rd party software (eg ispy).

Will wait a bit to see what others observe before downgrading...

/edit: Adding a proper "--referer" to the curl's prevents error page, but new settings won't apply... still looking into it, all might not be lost for automation.

/edit #2: The "--referer" solves the curl problem after all, the settings apply. Still a bit ridiculous that one can't access a page directly, e.g. your_cam_IP/image.htm gives "forbidden" message.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

rstark18

  • Level 3 Member
  • ***
  • Posts: 140
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #5 on: August 11, 2016, 10:56:12 PM »

Seems as though www.mydlink.com/download has pulled 1.15 and has 1.14 as the most current. Anyone have any ideas why?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #6 on: August 12, 2016, 06:35:26 AM »

its' available on D-Links main support site.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

acellier

  • Level 4 Member
  • ****
  • Posts: 417
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #7 on: August 12, 2016, 03:56:57 PM »

Quote from: rjms  a bit ridiculous that one can't access a page directly, e.g. your_cam_IP/image.htm gives "forbidden" message. [/quote
I totally agree - breaks a number of php/html pages that we use.
Logged

rjms

  • Level 1 Member
  • *
  • Posts: 13
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #8 on: August 12, 2016, 07:52:14 PM »

I totally agree - breaks a number of php/html pages that we use.
Have you tried referer spoofing in PHP, if possible like above with curl?
Logged

rangea2

  • Level 1 Member
  • *
  • Posts: 2
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #9 on: August 26, 2016, 07:48:44 AM »

I have 2 cameras 930. The app force me to update the firmware, then after update the firmware, my cameras start frezzing and get disconected from the app. I have to manually diconnect the energy and connect again.

Is there a solution?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #10 on: August 26, 2016, 07:55:42 AM »

Link>Welcome!

  • What region are you located?

What Mfr and model is the main host router?
What wireless modes are you using?
What is the distance between the Camera and the main host router?
How many other wireless devices do you have connected to the main host router?
  • Any 2.4Ghz or 5Ghz cordless house phones or WiFi APs near by that maybe causing interferences?
  • Any other WiFi routers in the area that maybe causing interferences? Link> Use a WiFi Scanner to find out. How many?

I recommend setting a static IP address ON the cameras outside of the main host routers default DHCP IP address pool as a troubleshooting step: 192.168.#.93 and .94  DHCP

Test cameras with uPnP and uPnP Port Forwarding both enabled on ALL cameras: DCS Cloud (L) Series Camera Configuration and Mydlink.com

Can you connect the cameras to a LAN wired cable connection and manually factory reset, manually update the FW on both then factory reset once more then set up from scratch?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #11 on: September 26, 2016, 10:07:45 AM »

Currently its the v2.12
http://support.dlink.com/ProductInfo.aspx?m=DCS-930L

where is the new Firmware for  DCS-930LB1.....its 2.13
« Last Edit: September 27, 2016, 06:50:25 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #12 on: September 27, 2016, 06:52:29 AM »

What region are you located?  ???

where is the new Firmware for  DCS-930LB1.....its 2.13
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

TelfordPa

  • Level 1 Member
  • *
  • Posts: 8
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #13 on: September 27, 2016, 07:03:16 AM »

I figured it out everything is fine now
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-930L Rev A v1.15.04 Firmware Comments & Observations
« Reply #14 on: September 27, 2016, 07:09:04 AM »

 ;)

Enjoy.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.