
Author Topic: Firmware 1.20B02 Released - SECURITY PATCH

GreenBay42

  • Administrator
Firmware 1.20B02 Released - SECURITY PATCH
« on: October 06, 2017, 09:46:54 AM »

The ZIP file will include 2 firmware files, release notes, and instructions.

Install v1.15 first, reboot, then install 1.20b02, reboot. It is recommended to perform a hard reset (paper clip in reset hole for 10 seconds) after updating.

DO NOT SKIP v1.15. Updating to 1.20B02 directly will not fix all issues.


Firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DIR-885L/REVA/DIR-885L_REVA_FIRMWARE_PATCH_v1.20B02.zip


Release Notes:

  • Add Firmware Protection to BIN file and System
  • WAN && LAN - XSS exploit  (CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416)
  • WAN - Weak Cloud protocol  (CVE-2017-14419, CVE-2017-14420)
  • WAN && LAN - Stunnel private keys  (CVE-2017-14422)
  • WAN && LAN - Nonce brute forcing for DNS configuration  (CVE-2017-14423)
  • Local - Weak files permission and credentials stored in clear text  (CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428)
  • LAN DoS attack against some daemons  (CVE-2017-14430)
  • Security fixes to PHP CGI files to mitigate exposing credentials
  • Correct stack overflow vulnerability caused by HNAP
« Last Edit: October 06, 2017, 11:11:57 AM by GreenBay42 »