DCS-930L Rev B - Security Patch Firmware - v2.15B06 Released

GreenBay42:
A security patch has been released for revision B only.

EDIT: Firmware is no longer BETA. Officially released on Jan 23, 2018

Firmware --> ftp://FTP2.DLINK.COM/PRODUCTS/DCS-930L/REVB/DCS-930L_REVB_FIRMWARE_v2.15.06.zip

Release Notes:

Reported:
Reported on 09/06/2017 by Robin Stenvi (robin dot stenvi at protomail dot com)

The following affects firmware versions 2.14.04 and below.

Problems Fixed:
1. Cross-Site Request Forgery (CSRF) which may lead to configuration information exposure.
2. Denial of Service (DoS) in the camera's CGI web framework that may lead to the camera becoming unresponsive.
3. Adobe Flash Player configuration resulting in an unintentional Cross-Origin Resource Sharing misconfiguration that may lead to further malicious attacks on the camera.

New Features:
1. Upgrade mydlink agent to 2.2.0-b03
2. Change the system default date to 2017/01/01
3. Update the ActiveX and Java Applet with renewed code-signing certificate (validity period of the certificate is from 9/30/2016 to 10/1/2019).
4. Support digest authentication for Web UI

jasred:
I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on Windows...

FurryNutz:
CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.

Try using FF ESR for connecting to the cameras. Newer versions of FF standard have stopped supporting plug-ins so may not work correctly:
http://forums.dlink.com/index.php?topic=66483.0


--- Quote from: jasred on January 15, 2018, 10:58:22 AM ---I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on Windows...

--- End quote ---

jasred:

--- Quote from: FurryNutz on January 15, 2018, 12:09:41 PM ---CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.


--- End quote ---

The problem with that theory is they didn't seem to close the door for all three cams that I upgraded so I can't take that to the bank.

FurryNutz:
So you have a camera that still authenticates via CURL then?
What was the process you followed for updating FW? Were any resets performed?
