• December 13, 2018, 07:58:04 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: DNR-202L - Firmware Security Patch v2.05.01 Released  (Read 2898 times)

GreenBay42

  • Administrator
  • Level 9 Member
  • *
  • Posts: 1561
DNR-202L - Firmware Security Patch v2.05.01 Released
« on: November 22, 2017, 09:00:59 AM »

A firmware patch has been released.

Firmware --> ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DNR-202L/REVA/DNR-202L_REVA_FIRMWARE_PATCH_v2.05.01.zip

Release Notes:

Vulnerability ID: CVE-2012-5958   

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
Logged

nukemedic

  • Level 1 Member
  • *
  • Posts: 2
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #1 on: December 23, 2017, 07:15:34 AM »

Glad to hear that security is being maintained. 

But I noticed that the button and tab descriptions all seem incorrect now - looks like variable names are being used instead of labels?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 46294
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #2 on: December 23, 2017, 10:26:07 AM »

Please give a example of what your seeing or screen capture please.
Adding Screenshots In A Post

What browser are you using?

Glad to hear that security is being maintained. 

But I noticed that the button and tab descriptions all seem incorrect now - looks like variable names are being used instead of labels?
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

nukemedic

  • Level 1 Member
  • *
  • Posts: 2
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #3 on: December 24, 2017, 04:36:40 AM »

latest safari on mac running sierra (not high sierra yet)

this is the first page, all pages are like this, settings pages even worse

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 46294
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #4 on: December 24, 2017, 10:46:50 AM »

Ok, I can confirm this as well:


Grammer Check:


Seen in both Safari and FF ESR (v52)

I'll pass this one to D-Link for review.

« Last Edit: December 24, 2017, 10:48:46 AM by FurryNutz »
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2110
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #5 on: December 30, 2017, 02:04:50 PM »

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 46294
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #6 on: December 30, 2017, 02:11:02 PM »

There are a few UI issues i've found. I've passed this long to D-Link for review. I presume they will have a look at this Monday.

If you need too, you could revert back to v2.04. I presume this issue will take some time before we see a fixed release.  ::)

Are your months there?

https://www.screencast.com/t/lAqGr2xzx
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2110
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #7 on: December 30, 2017, 04:04:30 PM »

There are a few UI issues i've found. I've passed this long to D-Link for review. I presume they will have a look at this Monday.

If you need too, you could revert back to v2.04. I presume this issue will take some time before we see a fixed release.  ::)

Are your months there?

https://www.screencast.com/t/lAqGr2xzx

2.04.03 is where it started for me.

I'm curious on your mac, specifically:  Are your months missing in playback?

Have you tried to reinstall 2.05?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 46294
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #8 on: January 02, 2018, 10:08:35 AM »

Looks like this issue was reproduced at D-Link and is now under review for fix. Hopefully soon. Please be patient.  ;)
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

magarity

  • Level 1 Member
  • *
  • Posts: 5
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #9 on: August 17, 2018, 05:55:24 PM »

I've been using this patch for a while now and it works without any problem except the UI has all this goofy sample text instead of real menu values such as "System Restart Btn" for reset after setting change button.  Pretty much all the menu items are labeled in Java style camelCase. I can figure them out since I do software development but to release this to customers like this is kind of sad. Please polish it off and release an official update since this patch isn't even what comes up when going through the DLink website's "find updates".
Logged

GreenBay42

  • Administrator
  • Level 9 Member
  • *
  • Posts: 1561
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #10 on: August 27, 2018, 02:58:17 PM »

Sorry 10 days later....

Is this in the DNR-202L UI or mydlink.com?

What browser(s) are you using? 

We installed the 2.05 firmware and the web UI is OK in IE11. Going to test other browsers later today.

Also, BETA firmware are not pushed through the mydlink server.
« Last Edit: August 27, 2018, 03:01:15 PM by GreenBay42 »
Logged

wifilink

  • Level 2 Member
  • **
  • Posts: 27
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #11 on: September 05, 2018, 04:46:38 PM »

Why isn't this firmware update on the D-Link support page for this product? It is still showing version 2.04.03

http://support.dlink.ca/ProductInfo.aspx?m=DNR-202L
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 46294
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #12 on: September 05, 2018, 04:48:08 PM »

You'll need to contact D-Link Canada about that. The update file listed here is for the USA. However is available for use for Canadian users to try.
USA and Canada handle there own files and support sites.

Why isn't this firmware update on the D-Link support page for this product? It is still showing version 2.04.03

http://support.dlink.ca/ProductInfo.aspx?m=DNR-202L
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

GreenBay42

  • Administrator
  • Level 9 Member
  • *
  • Posts: 1561
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #13 on: September 05, 2018, 05:37:52 PM »

D-Link Canada discontinued this product a while ago but should be posting security firmware (unless they found issues with it and removed it). I will contact them tomorrow morning.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 46294
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: DNR-202L - Firmware Security Patch v2.05.01 Released
« Reply #14 on: September 05, 2018, 05:38:46 PM »

Thank you Sir.  ;)
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!
Pages: [1] 2