D-Link Forums

The Graveyard - Products No Longer Supported => Routers => DIR-655 => Topic started by: DCIFRTHS on December 13, 2013, 02:00:09 AM

Title: UPnP vulnerability and rev A of the DIR-655
Post by: DCIFRTHS on December 13, 2013, 02:00:09 AM
Does anyone know if the UPnP vulnerability been fixed on the "A" version of this router? If so, as of what firmware was it fixed in?

I also posted the question in the sticky, but I'm not sure if anyone will see it there, so I started this topic.

Thanks!
Title: Re: UPnP vulnerability and rev A of the DIR-655
Post by: davevt31 on December 13, 2013, 04:44:56 AM
Release Notes say 1.32

ftp://ftp.dlink.com/Gateway/dir655/Firmware/dir655_release_notes.txt (ftp://ftp.dlink.com/Gateway/dir655/Firmware/dir655_release_notes.txt)
Title: Re: UPnP vulnerability and rev A of the DIR-655
Post by: FurryNutz on December 13, 2013, 07:09:09 AM
All recent versions of Rev A FW will include any fixes for uPnP:
http://forums.dlink.com/index.php?topic=54449.0 (http://forums.dlink.com/index.php?topic=54449.0)
Title: Re: UPnP vulnerability and rev A of the DIR-655
Post by: DCIFRTHS on December 14, 2013, 01:17:41 AM
Release Notes say 1.32

ftp://ftp.dlink.com/Gateway/dir655/Firmware/dir655_release_notes.txt (ftp://ftp.dlink.com/Gateway/dir655/Firmware/dir655_release_notes.txt)

I missed that... Thanks!
Title: Re: UPnP vulnerability and rev A of the DIR-655
Post by: DCIFRTHS on December 14, 2013, 01:24:15 AM
All recent versions of Rev A FW will include any fixes for uPnP:
http://forums.dlink.com/index.php?topic=54449.0 (http://forums.dlink.com/index.php?topic=54449.0)

I'm confused:

1) Is it correct to say that the "A" version of the router has been patched for the Denial of Service Flaws in MiniUPnPd since v1.32, and the "B" version was just recently patched?

2) Is the fix for the "A" (mentioned as "Fix UPnP bug" in the release notes), the same fix as mentioned above - the "Denial of Service Flaws in MiniUPnPd"?

Thanks!
Title: Re: UPnP vulnerability and rev A of the DIR-655
Post by: FurryNutz on December 14, 2013, 10:04:12 AM
Yes and we presume so...