• December 03, 2020, 12:58:27 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released  (Read 2944 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49375
  • D-Link Global Forum Moderator
    • Router Troubleshooting

NOTE: Firmware 1.30B06 (Official release, not hotfix) has the below security fixes included even though version number is lower).


Firmware: v1.30 B10 Beta   02/21/2020
Revision Info
Overview

On December 23, 2019, Trend Micro's Zero Day Initiative (ZDI) research team submitted two security-related issues (1) CVE-2020-8863 (ZDI ID: ZDI-CAN-9470) an HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass vulnerability and (2) CVE-2020-8864 (ZDI ID: ZDI-CAN-9471) an HNAP strncmp Incorrect Comparison Authentication Bypass vulnerability. These vulnerabilities are  logic flaws in the implementation of the HNAP allowing an LAN-Side attacker to bypass authentication and reset the admin password

3rd Party Report information
          - Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI

          - Reference :

            - CVE-2020-8863 :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8863

               -  ZDI-CAN-9470: D-Link Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

             - CVE-2020-8864 :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8864

                - ZDI-CAN-9471: D-Link Multiple Routers HNAP strncmp Incorrect Comparison Authentication Bypass Vulnerability

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157

Get it here: NA Region
DIR-882-US

Please follow the> FW Update Process to ensure a good FW upgrade is performed.

Let us know how it works for you...


« Last Edit: June 10, 2020, 06:08:28 AM by GreenBay42 »
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

PitbulI

  • Level 1 Member
  • *
  • Posts: 11

Tried to install, failed. No reason given.

Might try again this weekend but I don't want to brick the router and this seems to be a security fix, not functionality changes.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49375
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I just manually downloaded and using IE11, installed fine on mine. v1.20 was prior version loaded.  ;)
I didn't test the router out as I'm using something different currently.


Tried to install, failed. No reason given.

Might try again this weekend but I don't want to brick the router and this seems to be a security fix, not functionality changes.
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

core

  • Level 1 Member
  • *
  • Posts: 1

Upgraded from 1.20 to 1.30 just fine:

Browser: Firefox 74.0
OS: Linux Mint 19.3
File: DIR-882_REVA_FIRMWARE_1.30B10_BETA.BIN

Thank you D-Link for the security patch.
« Last Edit: March 13, 2020, 07:35:57 AM by core »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49375
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Thanks for letting us know.
Enjoy.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

zme-ul

  • Level 2 Member
  • **
  • Posts: 57

is there a difference for EU? can I try the US BETA?

nevermind, I updated to 1.30 BETA, no issues so far - will report back if I discover something
« Last Edit: March 15, 2020, 03:08:07 PM by zme-ul »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49375
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Thanks for letting us know.

Enjoy.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

zme-ul

  • Level 2 Member
  • **
  • Posts: 57

reverted back to 1.20
I found that my Android phones have a tough time searching for system updates - back on 1.20 is working smooth
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49375
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Did you factory reset and setup from scratch after v1.30 was applied.

reverted back to 1.20
I found that my Android phones have a tough time searching for system updates - back on 1.20 is working smooth
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

ashishchandra

  • Level 2 Member
  • **
  • Posts: 26

reverted back to 1.20
I found that my Android phones have a tough time searching for system updates - back on 1.20 is working smooth

Am facing the same issue.
Logged

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2590
Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
« Reply #10 on: March 26, 2020, 01:28:23 PM »

Make you both contact tech support to report the issue.

What version of android are you using?
Make/Model of phone/tablet?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49375
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
« Reply #11 on: March 26, 2020, 01:58:22 PM »

Yes Master Yoda.  ;D
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

zme-ul

  • Level 2 Member
  • **
  • Posts: 57
Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
« Reply #12 on: March 26, 2020, 02:49:09 PM »

Make you both contact tech support to report the issue.

What version of android are you using?
Make/Model of phone/tablet?
Nokia 7.1 Andoid 10 latest (february ?!) patch
Nokia 3 Android 9 latest patch
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49375
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
« Reply #13 on: March 27, 2020, 08:37:59 AM »

v1.30 is working for me.
NG CM1100 cable mode>DIR-882
DNS Relay Disabled.
Smart Connect enabled.

Samsung Galaxy Tab S2, Android v7.0
Google store just updated 27 apps thru the 882.
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

zme-ul

  • Level 2 Member
  • **
  • Posts: 57
Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
« Reply #14 on: March 28, 2020, 08:40:20 AM »

not talking about Google Store, I'm talking about System Updates for the Android OS
Logged
Pages: [1] 2