D-Link Forums

D-Link IP Cameras for Home => DCS-933L => Topic started by: FurryNutz on June 18, 2019, 09:54:10 AM

Title: New - DCS-933L Rev A - Firmware v1.15 B01 Comments & Observations
Post by: FurryNutz on June 18, 2019, 09:54:10 AM
This update is in regards to >CVE-2019-10999 :: Authenticated Buffer Overflow (Various DCS Cameras) (http://forums.dlink.com/index.php?topic=74889.0)

D-Link posted DCS-933L Rev A firmware version,which can be downloaded from >DCS-933L Rev A  - Firmware v1.15 B01 Download (http://support.dlink.com/productinfo.aspx?m=DCS-933L).

Problems Fixed
1. Add CSRF protection for FTP setting.
2. Remove crossdomain.xml to fix a security vulnerability.
3. Fix an issue where sending long password on password field of html page.
4. Fix an issue that when set motion sensitivity to 0%, the motion alarm still occurs.
5. Fix an authenticated buffer overflow vulnerability issue.

New Features
1. Update Mydlink Agent to v2.2.0-b63.
2. The default system time is changed to 2019-01-01.
3. Re-sign the ActiveX plugin with the new certificate
4. Re-sign the Java Applet with the new certificate
5. Re-sign the macOS plugin with the new certificate
6. Support digest authentication for Web UI
7. Upgrade MatrixSSL to v3.9.3
8. Add XSS protection mechanism for CGI command.
9. Change the open source to GPLv2 terms

Please post your comments and observations as a reply to this thread.

 :)  ;)  :)