D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: FurryNutz on January 05, 2018, 12:25:26 PM

Title: New - DIR-655 Rev B Only v2.12NA Build 01 Security Release
Post by: FurryNutz on January 05, 2018, 12:25:26 PM
Firmware: v2.12NA Build 01 Beta   06/20/2017
Release Notes:
Overview:
The DIR-655 contains four (4) vulnerabilities accessible from the LAN-side of the device
presenting potential security risks. First vulnerability allows a malicious user to bypass
authentication to gain administrative level access to the router’s web management
console. The vulnerability is only exposed when an authenticated user session is
logged-in on the device and that authenticated user's address is used, shortening the
window of opportunity for the attacker.

A second vulnerability was discovered that script injection can be performed on some input fields resulting in Cross-Site Scripting (XSS)
vulnerabilities to the device configuration interface.
 
Next, a third vulnerability, discloses log-in credentials and WiFi Encryption key of an authorized user by sending clear
text data between the device's web configuration interface and the authorized user's browser.
 
Last, a fourth vulnerability found a cgi command, regardless of authentication, will provide device configuration information.

References:
Keven Jiang :: Contact  :: November 1, 2014
Description:
A request can be made to security@dlink.com for further information.

Get it here: DIR-655 Rev B (http://www.dlink.com/ca/en/support/product/dir-655-wireless-n-gigabit-router?revision=ca_revb)

Follow this for updating:
FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)

NOTE: if your router is working with out any issues, it's recommended to keep the current version of FW that is loaded.IF IT WORKS, DON'T FIX IT!!!  ::)
Title: Re: New - DIR-655 Rev B Only v2.12NA Build 01 Security Release
Post by: FurryNutz on January 05, 2018, 01:49:35 PM
FYI:
"This product has been discontinued.
Free support for this product will end on 06/01/2018"