• November 21, 2017, 03:55:10 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DNS-320L - Firmware v1.010 B01 Comments & Observations  (Read 2486 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 43656
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology

D-Link posted DNS-320L firmware version v1.10 B10, which can be downloaded here: DNS-320L.
07/12/2017

HW Versions Supported:
DNS-320L A1/A2/A3
DNS-320LW A1/A2

Problems Resolved:
Fixed Security vulnerability listed below:
• Fixed the SAMBA security issues. CVE-2017-7494
• Fixed the login mydlink failure issue while the DNS server condition is abnormal.

Enhancements:
None
Known Issues:
None


Let us know how it works for you...
« Last Edit: July 20, 2017, 08:19:06 AM by GreenBay42 »
Logged
Cable:100mb/3Mb>Motorola SB6183>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

Voodoo

  • Level 1 Member
  • *
  • Posts: 3
  • VoodooNet.biz
    • VoodooNet
Re: New - DNS-320L - Firmware v1.010 B01 Comments & Observations
« Reply #1 on: July 16, 2017, 08:02:52 AM »

Is this a BETA version ?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 43656
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: New - DNS-320L - Firmware v1.010 B01 Comments & Observations
« Reply #2 on: July 16, 2017, 11:46:55 AM »

Yes...will probably go full release.
Logged
Cable:100mb/3Mb>Motorola SB6183>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

tadeo

  • Level 1 Member
  • *
  • Posts: 3
Re: New - DNS-320L - Firmware v1.010 B01 Comments & Observations
« Reply #3 on: July 20, 2017, 07:25:21 AM »

Samba security fix - do you mean SambaCry?
Logged
DNS-320L + DNS-320LW

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 43656
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: New - DNS-320L - Firmware v1.010 B01 Comments & Observations
« Reply #4 on: July 20, 2017, 09:46:03 AM »

Select the security link for more info on the CVE that was reported.
Logged
Cable:100mb/3Mb>Motorola SB6183>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

bysma

  • Level 1 Member
  • *
  • Posts: 1
Re: New - DNS-320L - Firmware v1.010 B01 Comments & Observations
« Reply #5 on: November 19, 2017, 04:50:25 AM »

Hello, first of all forgive me for my bad English, my native language is Spanish, I am new to the forum, although for years I have a DNS320L.

I have decided to write to give my opinion, about something that still, I do not see all I have to do to update my system.

I think there are big security and security breaches, probocados for the programming language used for access to the administration system (web). The use of a language that works on the client side as well as in Javascript and making inquiries directly is sometimes very vulnerable, since from the other side of the client you can see the code, facilitating the detection of errors and, consequently, using manually (already happened before with the user registration error)

In my opinion I think you should migrate the system to another type of language such as php, working on the server side and not the client.

- For example, the password in the access system is encrypted in base64 easily reversible, if that information is captured, it would be as simple as decode64 and we would have the real entry key. I think it can be improved by implementing another type of encrypted hash SH2 - SH3.

Also reference to access, since the filtering of the form is through javascript, it is easily manipulated to log in with blocked accounts
var re = / root | anonymous | nobody | administrator | ftp | guest | squeezecenter | sshd | messagebus | netdev / i;

giving one more point of insecurity to our system, instead of filtering the user on the server side.

In short, this is only my opinion, and an example of something I can not find a solution for years ago, I just wanted the only thing I do is contribute my bit.

I hope I'm wrong and that it's just a confusion, thanks
Logged