• March 30, 2020, 08:15:47 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DIR-868L Rev A v1.20 Build 01 Beta FW - Official Security Release  (Read 6802 times)

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Firmware:   v1.20 Build 01 Beta   02/28/2018 WW Region!
Revision Info:   
Problems Resolved:
Reported: 01/14/2018
Discovered by: Kaixiang Zhang of Qihoo 360 Gear Team

CVE-2018-6527 - XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php allowing remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.

CVE-2018-6528 - XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php allowing remote attackers to read a cookie via a crafted receiver parameter to soap.cgi

CVE-2018-6529 - XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php allowing remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.

CVE-2018-6530 - OS command injection vulnerability in soap.cgi (soapcgi_main incgibin) allowing remote attackers to execute arbitrary OS commands via the service parameter.


NOTE: Follow the>FW Update Process

Get it here:
DIR-868L


« Last Edit: February 28, 2018, 02:03:09 PM by GreenBay42 »
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

AFRK

  • Level 1 Member
  • *
  • Posts: 1

Hello and thanks for updating the firmware to fix the vulnerability

after doing the firmware update as described, im no longer getting any info on the web interface of my router, and i getting a InitGeneral() ERROR!!!

Any way to fix this issue? im trying to set up again the date and time but nothing is getting saved, so i dont want to reset the router because im not sure if anything is going to get saved and i end with a router that i cant reconfigure.

heres a SS of the issue im having.

Thanks for your help.

Logged

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Link>Welcome!

  • What region are you located?

What browser are you using?
Try Opera or FF? If IE 8, 9, 10 or 11, set compatibility mode and test again. (For older generation routers.)
Disable any security browser Add-ons like No Script and Ad-Block or configure them to allow All Pages when connected to the router.
Clear all browser caches.

Hello and thanks for updating the firmware to fix the vulnerability

after doing the firmware update as described, im no longer getting any info on the web interface of my router, and i getting a InitGeneral() ERROR!!!

Any way to fix this issue? im trying to set up again the date and time but nothing is getting saved, so i dont want to reset the router because im not sure if anything is going to get saved and i end with a router that i cant reconfigure.

heres a SS of the issue im having.

Thanks for your help.


Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

Hans Gruber

  • Level 1 Member
  • *
  • Posts: 2

Hi, thanks for this updated firmware. Does it include the KRACK fix? Thanks.
Logged

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Doesn't look like it.

I don't see it on the list for a KRACK fix either:
http://forums.dlink.com/index.php?topic=72763.0

I'll ask about this and see. The 868L is EOL so not sure if it will get anything more.

Hi, thanks for this updated firmware. Does it include the KRACK fix? Thanks.
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

GreenBay42

  • Administrator
  • Level 10 Member
  • *
  • Posts: 2433

If the product is not on this list, it is (most likely) not affected --> https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10075

The 868 is not on the list.
Logged

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Thank you.

Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

Hans Gruber

  • Level 1 Member
  • *
  • Posts: 2

Thanks for the replies.
Logged

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting

 ;)
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DIR-868L Rev A v1.20 Build 01 Beta FW - Official Security Release
« Reply #9 on: October 24, 2018, 04:02:56 PM »

Just want to report that I found my 868L not responding in wireless bridge mode with a DISH Joey connected to it and to a non D-Link wireless AP on 5Ghz. I tired power cycling the 868L and connecting to the UI while in bridge mode. I found that using IE and FF and other browsers I could get to the web page, however with no PW set, selecting Enter or Login does nothing. Just sits there. I cleared all browser caches and still nothing. I factory reset the router via push pin button and I could get to the router mode web page and log in. Selecting Bridge mode again from the routers web page, it rebooted and again, I can access the log in page in bridge mode however enter or Log in does nothing. So I did the recovery mode method and loaded v1.12 on to the router. The FW took and it rebooted however my PC would not get an IP address, so I power cycled the router off then back on then the PC finally got an IP address. I logged into the router in router mode and selected Bridge mode and let it reboot. I set the PC for static IP and waited for the router to come to ready. This time I could get to the web page and can log in and get into the routers web page in bridge mode.

Not sure what happens to cause this odd log in behavior on this version of FW while in bridge mode. Something users to be aware of. I presume D-Link won't do anything since the 868L is EOL. Wanted to let others know.

I'll try and reload this version again and see if I can reproduce.
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DIR-868L Rev A v1.20 Build 01 Beta FW - Official Security Release
« Reply #10 on: January 04, 2020, 04:05:57 PM »

FYI there is a new security patch FW available for the 868L. I'll download this and check it out. I presume existing problems are not corrected, i.e. QoS and Bridge mode stops working.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147

I'll post my experiences...
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

FurryNutz

  • Poweruser

  • ▲▲
  • *****
  • Posts: 48520
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DIR-868L Rev A v1.20 Build 01 Beta FW - Official Security Release
« Reply #11 on: February 21, 2020, 08:17:08 AM »

FYI, Security update for the DIR-868L Rev B Only:
http://forums.dlink.com/index.php?topic=75404.0
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!