D-Link Forums
		Announcements => Security Advisories => Topic started by: GreenBay42 on January 17, 2019, 07:14:14 AM
		
			
			- 
				We have uncovered several critical flaws in the D-Link DIR-655 consumer-grade router. In conjunction, these issues allow an attacker to remotely take control of a user's device if they visit a malicious webpage.
 
 The issues are as follows:
 ● Command injection via device configuration setting
 ● Setup wizard can be used to reset password to default
 ● Cross-site request forgery
 ● Multiple reflected cross-site scripting issues
 
 Joel St. John
 Security Consultant
 NCC Group
 
 Fixed Firmware (Revision Cx Only) - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_FIRMWARE_v3.02B05_BETA03.zip
 
- 
				Wow, I get to drag out my Rev C.  :o
			
- 
				8 months later, my Rev C went online last night.  ;D No issues seen thus far. Speeds are great. TS and QoS enabled. Feel odd working in the old UI.  :P Memories.  8) Will try and get some gaming in.  ;D
			
- 
				Solid router :)
			
- 
				Was a workhorse for many years.  ;) Works nicely with a WiFi AX upgrade.  :o
			
- 
				One issue I'm seeing with this build of FW: when I attempt to input a valid IP address or select an IP address from the Firewall/DMZ's list of detected devices, after enabling the check box and selecting Save Settings, Safari, Opera or Firefox displays:
 "413 - Request Entity Too Large"
 
 I'm trying to set a WiFi AP into the DMZ temporarily.
 
 Seen this before in an earlier version of the Rev C FW versions years ago. I think when I was doing IP address reservations. I hoped this was gone...
 
 Thoughts?