Author Topic: DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released  (Read 3414 times)

GreenBay42

  • Administrator
DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released
« on: December 13, 2017, 07:18:13 AM »

A security patch has been released for revision B only.

EDIT: Firmware is no longer BETA. Officially released on Jan 23, 2018

Firmware --> ftp://FTP2.DLINK.COM/PRODUCTS/DCS-930L/REVB/DCS-930L_REVB_FIRMWARE_v2.15.06.zip

Release Notes:

Reported:
Reported on 09/06/2017 by Robin Stenvi (robin dot stenvi at protomail dot com)

The following affects firmware versions 2.14.04 and below.

Problems Fixed:
1. Cross-Site Request Forgery (CSRF) which may lead to configuration information exposure.
2. Denial of Service (DoS) in the camera's CGI web framework that may lead to the camera becoming unresponsive.
3. Adobe Flash Player configuration resulting in an unintentional Cross-Origin Resource Sharing misconfiguration that may lead to further malicious attacks on the camera.

New Features:
1. Upgrade mydlink agent to 2.2.0-b03
2. Change the system default date to 2017/01/01
3. Update the ActiveX and Java Applet with renewed code-signing certificate (validity period of the certificate is from 9/30/2016 to 10/1/2019).
4. Support digest authentication for Web UI
« Last Edit: July 24, 2018, 01:15:24 PM by GreenBay42 »
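
Release-note item 4 ("Support digest authentication for Web UI") means a scripted client may be challenged with Digest rather than Basic. The following is an added example, not D-Link code and not from any poster: it picks the scheme a server offers and computes the RFC 2617 Digest response. The challenge and credentials are the sample from RFC 2617 section 3.5; the Basic realm string is constructed.

```python
import hashlib
import re

# key=value pairs of a challenge; values may be quoted and contain commas.
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')

def parse_challenge(value):
    """Split one WWW-Authenticate value into (scheme, params)."""
    scheme, _, rest = value.strip().partition(" ")
    params = {}
    for m in _PARAM.finditer(rest):
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return scheme.lower(), params

def pick_scheme(www_authenticate_values):
    """Prefer Digest over Basic: Basic sends the password (base64) on every request."""
    offered = [parse_challenge(v)[0] for v in www_authenticate_values]
    for scheme in ("digest", "basic"):
        if scheme in offered:
            return scheme
    return None

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(challenge, user, password, method, uri, cnonce, nc=1):
    """Compute the RFC 2617 'response' value for an MD5 Digest challenge."""
    scheme, p = parse_challenge(challenge)
    if scheme != "digest":
        raise ValueError("not a Digest challenge")
    if p.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only algorithm=MD5 is handled here")
    ha1 = _md5(f"{user}:{p['realm']}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    qops = [q.strip() for q in p.get("qop", "").split(",") if q.strip()]
    if "auth" in qops:
        return _md5(f"{ha1}:{p['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}")
    if not qops:  # legacy RFC 2069 form, no qop offered
        return _md5(f"{ha1}:{p['nonce']}:{ha2}")
    raise ValueError("server offers only qop values this sketch does not handle")

# Sample challenge from RFC 2617 section 3.5 (not captured from a camera).
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    # 'Basic realm="camera"' is a constructed value.
    print(pick_scheme(['Basic realm="camera"', RFC_CHALLENGE]))
    print(digest_response(RFC_CHALLENGE, "Mufasa", "Circle Of Life",
                          "GET", "/dir/index.html", "0a4f113b"))
```

On the command line, curl's `--anyauth` option makes it choose among the schemes the server offers instead of defaulting to Basic.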

jasred

« Reply #1 on: January 15, 2018, 10:58:22 AM »

I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on Windows...

FurryNutz

  • D-Link Global Forum Moderator
« Reply #2 on: January 15, 2018, 12:09:41 PM »

CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.

Try using FF ESR for connecting to the cameras. Newer versions of FF standard have stopped supporting plug-ins so may not work correctly:
http://forums.dlink.com/index.php?topic=66483.0

> I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on Windows...
"Nothing Funny about It...." We are not here to Impress anyone! You have to be a COMPETENT user first to understand COMPETENT help!

jasred

« Reply #3 on: January 15, 2018, 12:49:37 PM »

> CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.


The problem with that theory is they didn't seem to close the door for all three cams that I upgraded so I can't take that to the bank.

FurryNutz

« Reply #4 on: January 15, 2018, 12:52:29 PM »

So you have a camera that still authenticates via CURL then?
What was the process you followed for updating FW? Were any resets performed?

jasred

« Reply #5 on: January 15, 2018, 12:57:05 PM »

> So you have a camera that still authenticates via CURL then?
> What was the process you followed for updating FW? Were any resets performed?

Correct, one camera works with curl.

Your second question may point to something. I used FF to do the upgrades and
maybe that caused an issue. I will try one of the cams that fails with curl and use
IE for the upgrade (wired connection of course). I'll let you know.


FurryNutz

« Reply #6 on: January 15, 2018, 01:03:50 PM »

 ;)

What version of FF did you use?

jasred

« Reply #7 on: January 15, 2018, 01:17:54 PM »

> ;)
>
> What version of FF did you use?

Win 10  and FF 57.0.4 64 bit

Using IE did not work. The same problem.

I also noticed that 2.14.04 seemed to upgrade nicely with a message at the end
that states "Firmware upgrade completed". The new firmware just displays a "reply"
web page.


FurryNutz

« Reply #8 on: January 15, 2018, 01:41:29 PM »

Reply?

Can you post a picture of what you see with the v2.15 FW update message?

jasred

« Reply #9 on: January 15, 2018, 01:48:20 PM »

> Reply?
>
> Can you post a picture of what you see with the v2.15 FW update message?

Sorry, I may have been too glib. It's not a reply web page per se, it tries to display
a page, but gives you an error page instead. The page shows "The website declined to show this webpage".
The page that it was trying to display is "replyk.htm".

FurryNutz

« Reply #10 on: January 15, 2018, 01:49:26 PM »

Hmm, this in FF and IE?

Did you clear out the browser cache before and after sending the FW file?

jasred

« Reply #11 on: January 15, 2018, 01:58:15 PM »

> Hmm, this in FF and IE?
>
> Did you clear out the browser cache before and after sending the FW file?

Yes, both FF and IE display that last page problem.

No, to the cache clearing question. I have never had to do that before and I've been
doing stuff like this for years.

FurryNutz

« Reply #12 on: January 15, 2018, 02:02:09 PM »

Can you try a factory reset on one camera, then do the cache clear on either browser and see if the same thing still happens?

Are these cameras wired or wireless connected when FW updates happen?

I'll pass this on to D-Link for review. Not sure what is happening.

jasred

« Reply #13 on: January 15, 2018, 02:08:48 PM »

> Can you try a factory reset on one camera, then do the cache clear on either browser and see if the same thing still happens?
>
> Are these cameras wired or wireless connected when FW updates happen?
>
> I'll pass this on to D-Link for review. Not sure what is happening.

I actually had done a factory reset on one of them that fails.

I will try the cache clearing test tomorrow and let you know.

I always use wired connections when applying firmware.

Thanks for passing this on...

GreenBay42

« Reply #14 on: January 15, 2018, 02:17:17 PM »

After the firmware upgrade can you get into the camera's UI without issue?  If not can you ping the camera?