Topic: DCS-932L Rev B - Firmware 2.16.08 Released - Official KRACK fix

GreenBay42 (Administrator)

New firmware has been released. Fixes multiple security issues including KRACK. Only for Revision B.

Firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DCS-932L/REVB/DCS-932L_REVB_FIRMWARE_v2.16.08.zip

Release Notes:

New Features:
1. Upgrade mydlink agent to 2.2.0-b33.
2. Change the default system time to 2018-01-01.
3. Update the ActiveX and Java Applet with renewed code-signing certificate (validity period of the certificate is from 9/30/2016 to 10/1/2019).
4. Support digest authentication for Web UI (Cannot support basic authentication for Web UI)
5. Upgrade MatrixSSL to v3.9.3, which resolves the vulnerabilities in MatrixSSL.
6. Add XSS protection mechanism for CGI command

Fixes:
1. Fixed WPA2 vulnerability issue.
2. Fixes Cross Site Request Forgery (CSRF) vulnerability for FTP setting.
3. Fixes denial of service (DoS) vulnerabilities for upload firmware and restore configuration.
4. Remove crossdomain.xml to fix a security vulnerability issue.
5. Fixed a command injection issue in the change admin's password configuration (/setSystemAdmin).
6. Fixed the issue when sending a long password in the password field of the HTML page.

Known Issues:

1. When upgrading the firmware from v2.14 (or before) to v2.16, the web UI redirect will fail. This is because the web UI authentication mode changes to Digest (brute-force intrusion). Just close the browser, reopen it, and log back in.
« Last Edit: May 16, 2018, 07:36:30 AM by GreenBay42 »