• October 23, 2019, 02:49:54 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DCS-932L Rev A v1.13.04 Firmware Comments & Observations  (Read 1816 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47844
  • D-Link Global Forum Moderator
    • Router Troubleshooting

D-Link posted DCS-932L Rev A firmware version v1.13 B04 which can be downloaded here: https://www.mydlink.com/download.

Problems Fixed
1. Fixed CSRF vulnerability for the camera’s web-UI (Exclude CGI APIs).
2. Fixed the “RSA-CRT key leaks” vulnerability.
3. Fixed the “LANDAP stack overflow“ vulnerability. (discovered by search SEARCH-LAB)
4. Remove the “Arbitrary file upload interface” vulnerability. (discovered by search SEARCH-LAB)
5. Fixed an issue that Time zone setting for Minsk should be GMT+3.
6. Fixed a vulnerability - Authenticated Arbitrary File Upload with Root Privileges. (discovered by IOActive Security)
7. Fixed a vulnerability - Authenticated Root OS Command Injection in File Upload. (discovered by IOActive Security)
8. Fixed an XSS vulnerability - Stored XSS in User Name. (discovered by IOActive Security) 
9. Fixed an XSS vulnerability - Reflected XSS in HTTP Host Header. (discovered by IOActive Security)

New Features
1.   Upgrade mydlink agent to 2.1.0-b27.
2.   Change the HTTPs self-signed certificate to SHA2 algorithms.
3.   Support Mydlink UID mechanism (mdb get dev_uid)
4.   Change the support page hyperlink of Firmware Upgrade web-UI to www.dlink.com.
5.   Updated OpenSSL to v0.9.8o.
6.   Remove mDNSResponder daemon on the unit.
7.   Remove the Bonjour settings from the Network Setup web-UI
8.   Change the default system time to 2016-01-01
9.   Update the years in the copyright statement for IP Camera’s web-UI to 2016.
10.   Add authentication to CGI /config/stream_info.cgi.
11.   Offer the password validation on console port. (Console’s Password is synchronized with the admin’s password)


Please post your comments and observations as a reply to this thread.

 :)  ;)  :)
« Last Edit: July 26, 2016, 09:41:30 AM by FurryNutz »
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting