D-Link Forums

The Graveyard - Products No Longer Supported => IP Cameras => DCS-932L => Topic started by: GreenBay42 on May 16, 2018, 07:32:30 AM

Title: DCS-932L Rev B - Firmware 2.16.08 Released - Official KRACK fix
Post by: GreenBay42 on May 16, 2018, 07:32:30 AM

New firmware has been released. Fixes multiple security issues including KRACK. Only for Revision B.

Firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DCS-932L/REVB/DCS-932L_REVB_FIRMWARE_v2.16.08.zip (ftp://FTP2.DLINK.COM/PRODUCTS/DCS-932L/REVB/DCS-932L_REVB_FIRMWARE_v2.16.08.zip)

Release Notes:

New Features:
1. Upgrade mydlink agent to 2.2.0-b33.
2. Change the default system time to 2018-01-01
3. Update the ActiveX and Java Applet with renewed code-signing certificate (validity period of the certificate is from 9/30/2016 to 10/1/2019).
4. Support digest authentication for Web UI (Cannot support basic authentication for Web UI)
5. Upgrade MatrixSSL to v3.9.3 that resolve the vulnerabilities in MatrixSSL
6. Add XSS protection mechanism for CGI command

Fixes:
1. Fixed WPA2 vulnerability issue.
2. Fixes Cross Site Request Forgery (CSRF) vulnerability for FTP setting.
3. Fixes denial of service (DoS) vulnerabilities for upload firmware and restore configuration.
4. Remove crossdomain.xml to fix a security vulnerability issue.
5. Fixed a command injection issue in the change admin’s password configuration (/setSystemAdmin).
6. Fixed the issue where sending long password on password field of html page.

Known Issues:

1. When firmware upgrade from v2.14 (or before) to v2.16, the webUI redirect will be failure. This is because the webUI authentication mode changes to Digest (brute-force intrusion). Just close the browser and reopen. Log back in.