• March 29, 2024, 02:48:23 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations  (Read 7485 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

D-Link posted DCS-933L Rev B firmware version,which can be downloaded here: DCS-933L Rev A  - Firmware v1.13 B05 Download.

Problems Fixed
1.   Fixed CSRF vulnerability for the camera’s web-UI (Exclude CGI APIs).
2.   Fixed an issue where IP Camera blocks CGI request from Chrome and Edge.

New Features
1.   Update the mydlink agent to v2.0.20-b10.
2.   Remove the Direct Mode function.
3.   Upgrade OpenSSL library to 1.0.1f.



Please post your comments and observations as a reply to this thread.

 :)  ;)  :)
« Last Edit: February 23, 2017, 08:45:43 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

rjms

  • Level 1 Member
  • *
  • Posts: 13
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #1 on: October 25, 2016, 09:21:55 PM »

Quote
DCS-933L Rev A  - Firmware v1.13 B05
(...)
2.   Remove the Direct Mode function.
3.   Upgrade OpenSSL library to 1.0.1f.

So, who'll be brave enough to try first?

Wondering if they introduced the same annoyances as the newest 930L(A) firmware... or worst, if they circumvented the referrer hack that palliated those annoyances...

Questions:
  • Anyone knows if this is reversible to older firmware?
  • What is "Direct Mode function", anything we'll miss? Can't find it in the 1.12.03 interface.
    Is it to view video directly in a browser (CGI) without java?
    Does it affect use with 3rd party apps (like iSpy)?
  • OpenSSL 1.0.1f dates back to January 2014! It's currently (2016-09) at 1.0.1u... Ok, not a question, just an observation that begs a question...

Note: strangely, the PDF mentions 2016-01-18 as date of release for 1.13.05, including a typo that states 931L... maybe a crude cut&paste from an earlier update for 931L.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #2 on: October 25, 2016, 09:36:02 PM »

i already have this loaded. Works well. There was a delay in getting the release notes to the web guys so even though the dates are correct, the actual release was delayed posting to the web site.

You can downgrade FW versions.
« Last Edit: October 26, 2016, 07:10:03 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

rjms

  • Level 1 Member
  • *
  • Posts: 13
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #3 on: October 28, 2016, 07:25:43 AM »

Quote
Works well.
So, can you access, say, your_cam_IP/image.htm directly (e.g. for bookmarking for quick access) without getting the "The request is forbidden" message?

Quote
You can downgrade FW versions.
Good to know, thanks.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #4 on: October 28, 2016, 08:24:46 AM »

I haven't tried that. I'll give it a go this weekend and let you know.

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

rjms

  • Level 1 Member
  • *
  • Posts: 13
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #5 on: November 28, 2016, 08:37:04 AM »

Now that I upgraded the firmware, I can confirm it has the same  ridiculous  misbehavior where simply browsing directly on any page of the web UI gives a "The request is forbidden" message.
You have to go through it's home page to get to the other pages.

They'll claim it's for security, but it's not true since you can overcome by simply spoofing the referrer in cURL or through a Greasemonkey script (both tested), or probably through some Extension that can change the referrer (not tested).

*Sigh*
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #6 on: November 28, 2016, 08:41:04 AM »

What browser and OS platform are you using ?

Now that I upgraded the firmware, I can confirm it has the same  ridiculous  misbehavior where simply browsing directly on any page of the web UI gives a "The request is forbidden" message.
You have to go through it's home page to get to the other pages.

They'll claim it's for security, but it's not true since you can overcome by simply spoofing the referrer in cURL or through a Greasemonkey script (both tested), or probably through some Extension that can change the referrer (not tested).

*Sigh*
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

rjms

  • Level 1 Member
  • *
  • Posts: 13
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #7 on: November 28, 2016, 10:01:17 AM »

The bug (or intended "feature") can is reproduced on the following OSes and browsers:
  • Windows 7 x64, Firefox (unless as noted above I use a Greasemonkey script to spoof referrer)
  • Windows 7 x64, IE11
  • Android (on Nexus 7), Firefox
  • Linux Mint 17, Firefox
Of course, no immediate results on Chrome (or Chromium) on Windows, Android or Linux because DLink actively blocks access from that browser anyway...
... unless I use an agent spoofer, which will perfectly show the web UI, but again going directly to individual pages gives the error message.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #8 on: November 28, 2016, 11:03:48 AM »

Thank you for this information. I'll try this with my 933L this evening.  ???


The bug (or intended "feature") can is reproduced on the following OSes and browsers:
  • Windows 7 x64, Firefox (unless as noted above I use a Greasemonkey script to spoof referrer)
  • Windows 7 x64, IE11
  • Android (on Nexus 7), Firefox
  • Linux Mint 17, Firefox
Of course, no immediate results on Chrome (or Chromium) on Windows, Android or Linux because DLink actively blocks access from that browser anyway...
... unless I use an agent spoofer, which will perfectly show the web UI, but again going directly to individual pages gives the error message.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DCS-933L Rev A - Firmware v1.13 B05 Comments & Observations
« Reply #9 on: November 28, 2016, 03:45:43 PM »

Ya I can confirm the forbidden message when using IPaddress/image.htm.

This maybe something D-Link is blocking now.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.