Opened by Pondera, 06 July 2010, 18:36:40
DAP-2553 Firmware Release Notes
Firmware Version: 1.31rc071
Published Date: 2015/01/21

New Features:
1. Update patch for support CE EN300328 v1.8.1 & EN301893 v1.7.1

Changes of MIB & D-View Module:
None

Problems Fixed:
1. [Openssl] upgrade openssl from 0.9.8g to 0.9.8za
2. Add DHCP force unicast/broadcast function
3. [Encrypt]: encrypt some sensitive (passphrase, login password, etc...) data in web.
4. Fix Iftable index issue
5. Update frequency base on D-Link Wi-FI frequency table_20141002.pdf

Known Issues:
None

Related Documentation:
- DAP-2553 User Manual v1.3

DAP-2553 Firmware Changes
Hardware: Rev.A
Firmware: 1.32rc074
Date: 2016/03/25

Problems Fixed
1. Fix CVE-2016-1559 security issue

Overview
ZERO-DAY: Researchers at Carnegie Mellon and Boston universities used an open-source framework to perform dynamic security analysis on embedded firmware. Two issues affect D-Link:

ISSUES
1) Buffer overflow: The web server for D-Link Access Points has a buffer overflow vulnerability triggered while parsing the dlink_uid cookie (CVE-2016-1558).
Impact: APs may be exposed to possibilities leading to abnormal operation such as the Web Manage page not allowing login. This means the user cannot adjust the settings of the device and other functions under the Web Manager. However, this does not lead to remote code execution and a hacker cannot take control of the device, gain passwords or any other illegal entry to the network through this vulnerability.

2) Password/Username Exposure through SNMP: For 3 D-Link Access Points (DAP-1353 H/W ver. B1, DAP-2553 H/W ver. A1, DAP-3520 H/W ver. A1), the administrative username/password is exposed through SNMP OID strings (CVE-2016-1559).
Impact: The SNMP OID string text containing the password/username can only be accessed if the following 3 conditions are met:
1) SNMP protocol is enabled.
2) The device administrator is performing management tasks through SNMP.
3) The attacker sniffs out the correct packets to obtain the password/username.
Please note that not all D-Link access points have the SNMP protocol enabled by default.

References
• http://www.pcworld.com/article/3039176/security/new-firmware-analysis-framework-finds-serious-flaws-in-netgear-and-d-link-devices.html
• http://seclists.org/fulldisclosure/2016/Feb/112

General Recommendations
Immediately update to the fixed firmware referenced in the table below as they are made available. Please continue to monitor this page for further updates and disclosures.

Quote
Problems Resolved:
1. Apply QCA wpa2 security patch (KRACK)