D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: FurryNutz on January 05, 2018, 12:25:26 PM
-
Firmware: v2.12NA Build 01 Beta 06/20/2017
Release Notes:
Overview:
The DIR-655 contains four (4) vulnerabilities accessible from the LAN-side of the device, presenting potential security risks. The first vulnerability allows a malicious user to bypass authentication to gain administrative-level access to the router’s web management console. The vulnerability is only exposed when an authenticated user session is logged in on the device and that authenticated user's address is used, shortening the window of opportunity for the attacker.
A second vulnerability was discovered in which script injection can be performed on some input fields, resulting in Cross-Site Scripting (XSS) vulnerabilities in the device configuration interface.
Next, a third vulnerability discloses the log-in credentials and WiFi encryption key of an authorized user by sending clear text data between the device's web configuration interface and the authorized user's browser.
Last, in a fourth vulnerability, a CGI command will provide device configuration information regardless of authentication.
References:
Keven Jiang :: Contact :: November 1, 2014
Description:
A request can be made to security@dlink.com for further information.
Get it here: DIR-655 Rev B (http://www.dlink.com/ca/en/support/product/dir-655-wireless-n-gigabit-router?revision=ca_revb)
Follow this for updating:
FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)
NOTE: If your router is working without any issues, it's recommended to keep the current version of FW that is loaded. IF IT WORKS, DON'T FIX IT!!! ::)
-
FYI:
"This product has been discontinued.
Free support for this product will end on 06/01/2018"