D-Link Forums
D-Link Wireless Routers for Home and Small Business => DIR-882 => Topic started by: GreenBay42 on November 29, 2017, 08:41:46 AM
-
Seven flaws have been patched. The seven flaws include three that can be exploited to perform remote code execution, three more that can be used in denial of service attacks, and one information-leaking blunder. The full list of flaws is as follows:
CVE-2017-14491 – Remote code execution in the DNS subsystem that can be exploited from the other side of the internet against public-facing systems and against stuff on the local network. The previously latest version had a two-byte overflow bug, which could be leveraged, and all prior builds had an unlimited overflow.
CVE-2017-14492 – The second remote code execution flaw works via a heap-based overflow.
CVE-2017-14493 – Google labels this one as trivial to exploit. It's a stack-based buffer overflow vulnerability that enables remote code execution if it's used in conjunction with the flaw below.
CVE-2017-14494 – This is an information leak in DHCP which, when using in conjunction with CVE-2017-14493, lets an attacker bypass the security mechanism ASLR and attempt to run code on a target system.
CVE-2017-14495 – A limited flaw this one, but can be exploited to launch a denial of service attack by exhausting memory. Dnsmasq is only vulnerable, however, if the command line switches --add-mac, --add-cpe-id or --add-subnet are used.
CVE-2017-14496 – Here the DNS code performs invalid boundary checks, allowing a system to be crashed using an integer underflow leading to a huge memcpy() call. Android systems are affected if the attacker is local or tethered directly to the device.
CVE-2017-13704 – A large DNS query can crash the software.
Download not available at this time.
v1.02B02 is available -- http://forums.dlink.com/index.php?topic=73093.0 (http://forums.dlink.com/index.php?topic=73093.0)
-
Thanks for this. How long does it generally takes for a firmware to leave beta?
-
Depends. Security patches may take longer since they have to go through 3rd party testing and verification. Some firmware releases may have to go through re-certification which can take time. The KRACK patches are at the highest priority so "official" releases are taking some time right now.
-
You can always try the beta and if it doesn't work well for you, you can down grade. Let us know what you find if any thing.
Thanks for this. How long does it generally takes for a firmware to leave beta?
-
I tried installing the 1.02B1 file using manual upload option. Got "Firmware upgrade failed" error. I am currenty on 1.01. What gives?
-
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)
- What region are you located?
- Are you wired or wireless connected to the router?
- Was a Factory Reset performed before and after any firmware updates then set up from scratch?
Link> >FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)
What browser are you using?
Be sure to unpack the .bin file from the .zip file before sending the update.
I tried installing the 1.02B1 file using manual upload option. Got "Firmware upgrade failed" error. I am currenty on 1.01. What gives?
-
Apologies for late reply.
1. USA
2. Wired
3. Router came with 1.0. Upgraded to 1.01 using the manual method. ZERO issues. Then did a full reset, downloaded 1.02 from support site. Again using manual method tried to load: DIR-882_A1_FW1.02B01Beta.bin
Fails with message: "Firmware Upgrade Failed". Tried from Chrome/Edge/IE with Anitvirus turned off.
-
Try loading it with this method:
Emergency Recovery Mode (http://forums.dlink.com/index.php?topic=44909.msg163599#msg163599)
-
I tried installing the 1.02B1 file using manual upload option. Got "Firmware upgrade failed" error. I am currenty on 1.01. What gives?
OMG. I have been with Tech Support since 1/7/18 about this and they act like I'm the only one having this problem. So it's apparently broken then? I finally received this as my last interchange:
Since it is not resolved even using two computers and it is a KRACK patch issue, please use this link to email directly our Network Security Engineers.
http://support.dlink.com/ReportVulnerabilities.aspx
I did fill out that form but without much hope of a response since it specifically says it is NOT for tech support.
-
What problem are you having?
This FW file not loading? ???
I tried installing the 1.02B1 file using manual upload option. Got "Firmware upgrade failed" error. I am currenty on 1.01. What gives?
OMG. I have been with Tech Support since 1/7/18 about this and they act like I'm the only one having this problem. So it's apparently broken then? I finally received this as my last interchange:
Since it is not resolved even using two computers and it is a KRACK patch issue, please use this link to email directly our Network Security Engineers.
http://support.dlink.com/ReportVulnerabilities.aspx
I did fill out that form but without much hope of a response since it specifically says it is NOT for tech support.
-
I will test my router now.
Are you unzipping the file and loading the .BIN file?
-
Thank you sir. ;)
The first user is loading the .bin file.
I will test my router now.
-
Ok the router I have already has the KRACK firmware on it. We tried a reflash (after a hard reset) and it failed. Same happened on our 878. But the original upgrade was successful.
We will do an emergency firmware upload to put 1.01 back on and then try the beta firmware again.
-
:o
-
Techs replicated the issue, even after an emergency firmware upgrade it failed. They sent a D-Track to the engineers.
-
Something to pull the link for until it's fixed? :-\
-
It is not affecting everyone. They will have TS look into it (calls, emails, chat). If there are a bunch of people affected it will be pulled.
-
;)
-
1.01 and 1.02 firmware headers look different and file size is also different. Seems to me that 1.02 is not a proper firmware image.
https://app.box.com/s/tj8p1cxz4mt1kp3ka2n9y9680eeuh2lm (https://app.box.com/s/tj8p1cxz4mt1kp3ka2n9y9680eeuh2lm)
Bottom image is 1.02 header
-
It is not affecting everyone. They will have TS look into it (calls, emails, chat). If there are a bunch of people affected it will be pulled.
If this is at all helpful for the engineers to look at, my support Case Number is C7077651. I, too, attempted the install via recovery mode (and yes, using the unzipped .bin file) and it failed as well.
-
The issue has been reproduced and is under review. I presume a fix will be soon forth coming. Please be patient. ;)
-
D-Link is working on a new firmware. I will post as soon as I get it.
-
;)
-
I pulled this firmware off the support site until they fix it (hopefully soon). Thread is now closed.
-
Thank you. ;)
-
A fix has been released --> http://forums.dlink.com/index.php?topic=73093.0 (http://forums.dlink.com/index.php?topic=73093.0)
-
:D