D-Link Forums

D-Link Wireless Routers for Home and Small Business => DIR-882 => Topic started by: FurryNutz on February 24, 2020, 04:30:10 PM

Title: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on February 24, 2020, 04:30:10 PM

NOTE: Firmware 1.30B06 (Official release, not hotfix) has the below security fixes included even though version number is lower).


Firmware: v1.30 B10 Beta   02/21/2020
Revision Info
Overview

On December 23, 2019, Trend Micro's Zero Day Initiative (ZDI) research team submitted two security-related issues (1) CVE-2020-8863 (ZDI ID: ZDI-CAN-9470) an HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass vulnerability and (2) CVE-2020-8864 (ZDI ID: ZDI-CAN-9471) an HNAP strncmp Incorrect Comparison Authentication Bypass vulnerability. These vulnerabilities are  logic flaws in the implementation of the HNAP allowing an LAN-Side attacker to bypass authentication and reset the admin password

3rd Party Report information
          - Report provided chung96vn - Security Researcher of VinCSS (Member of Vingroup) working with Trend Micro ZDI

          - Reference :

            - CVE-2020-8863 :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8863 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8863)

               -  ZDI-CAN-9470: D-Link Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

             - CVE-2020-8864 :: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8864 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8864)

                - ZDI-CAN-9471: D-Link Multiple Routers HNAP strncmp Incorrect Comparison Authentication Bypass Vulnerability

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157 (https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157)

Get it here: NA Region
DIR-882-US (https://support.dlink.com/productinfo.aspx?m=DIR-882-US)

Please follow the> FW Update Process (http://forums.dlink.com/index.php?topic=42457.0) to ensure a good FW upgrade is performed.

Let us know how it works for you...

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: PitbulI on March 06, 2020, 06:54:58 PM

Tried to install, failed. No reason given.

Might try again this weekend but I don't want to brick the router and this seems to be a security fix, not functionality changes.

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on March 07, 2020, 11:43:34 AM

I just manually downloaded and using IE11, installed fine on mine. v1.20 was prior version loaded.  ;)
I didn't test the router out as I'm using something different currently.

Quote from: PitbulI on March 06, 2020, 06:54:58 PM

Tried to install, failed. No reason given.

Might try again this weekend but I don't want to brick the router and this seems to be a security fix, not functionality changes.

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: core on March 13, 2020, 06:35:00 AM

Upgraded from 1.20 to 1.30 just fine:

Browser: Firefox 74.0
OS: Linux Mint 19.3
File: DIR-882_REVA_FIRMWARE_1.30B10_BETA.BIN

Thank you D-Link for the security patch.

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on March 13, 2020, 07:15:42 AM

Thanks for letting us know.
Enjoy.  ;)

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: zme-ul on March 14, 2020, 02:22:09 PM

is there a difference for EU? can I try the US BETA?

nevermind, I updated to 1.30 BETA, no issues so far - will report back if I discover something

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on March 16, 2020, 05:16:35 PM

Thanks for letting us know.

Enjoy.  ;)

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: zme-ul on March 26, 2020, 12:17:38 PM

reverted back to 1.20
I found that my Android phones have a tough time searching for system updates - back on 1.20 is working smooth

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on March 26, 2020, 12:48:08 PM

Did you factory reset and setup from scratch after v1.30 was applied.

Quote from: zme-ul on March 26, 2020, 12:17:38 PM

reverted back to 1.20
I found that my Android phones have a tough time searching for system updates - back on 1.20 is working smooth

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: ashishchandra on March 26, 2020, 01:02:03 PM

Quote from: zme-ul on March 26, 2020, 12:17:38 PM

reverted back to 1.20
I found that my Android phones have a tough time searching for system updates - back on 1.20 is working smooth

Am facing the same issue.

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: GreenBay42 on March 26, 2020, 01:28:23 PM

Make you both contact tech support to report the issue.

What version of android are you using?
Make/Model of phone/tablet?

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on March 26, 2020, 01:58:22 PM

Yes Master Yoda.  ;D

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: zme-ul on March 26, 2020, 02:49:09 PM

Quote from: GreenBay42 on March 26, 2020, 01:28:23 PM

Make you both contact tech support to report the issue.

What version of android are you using?
Make/Model of phone/tablet?

Nokia 7.1 Andoid 10 latest (february ?!) patch
Nokia 3 Android 9 latest patch

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on March 27, 2020, 08:37:59 AM

v1.30 is working for me.
NG CM1100 cable mode>DIR-882
DNS Relay Disabled.
Smart Connect enabled.

Samsung Galaxy Tab S2, Android v7.0
Google store just updated 27 apps thru the 882.

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: zme-ul on March 28, 2020, 08:40:20 AM

not talking about Google Store, I'm talking about System Updates for the Android OS

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on March 28, 2020, 10:39:26 AM

Is the OS update the only thing not getting any updates? Do you see app updates thru Google store?

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: zme-ul on April 01, 2020, 07:34:02 AM

yes, I could get the app updates trough the Play Store

the Android OS update would refuse to download on the Nokia 3; on the Nokia 7.1 would update, but checking for the update and downloading it would take a significant amount of time that does not happen with 1.20 FW

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on April 01, 2020, 07:41:44 AM

Thanks for the details. I would make contact with D-Link support about this. Let them know these details.

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on April 02, 2020, 07:40:44 AM

HTTPS is missing:
http://forums.dlink.com/index.php?topic=75100.0 (http://forums.dlink.com/index.php?topic=75100.0)

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: sachb on April 18, 2020, 10:47:44 AM

Can I upgrade this on my Router which is not from the US?

Will there be any problems, since in my region the latest firmware in the website is 1.20 & not 1.30.

Title: Re: New - DIR-882-US Firmware v1.30 Build 10 Beta - Security Patch Released
Post by: FurryNutz on April 18, 2020, 11:56:29 AM

I would keep whats loaded. IF your system is working fine, then you don't need to update.