Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[PacketTracer]

... see this blog and this video.

[FurryNutz]

Thanks for the info and links PT, I'll forward this on to DLink.  I presume they might know about it. 

If any one else is concerned about this issue. It's highly recommended to phone contact your regional local DLink support office and ask them about this so they get visibility with there customers.

Thank you.

[PacketTracer]

There are new German firmware versions available that fix the vulnerabilities:

• DIR-600 Rev. B5: Version 2.15b01
   ftp://ftp.dlink.de/dir/dir-600/driver_software/DIR-600_fw_revb5_215b01_ALL_de_20130206.zip
  
• DIR-600 Rev. B1 and B2: Version 2.15b01
   ftp://ftp.dlink.de/dir/dir-600/driver_software/DIR-600_fw_revb12_215b01_ALL_de_20130206.zip
  
• DIR-300 Rev. B: Version 2.14b01
   ftp://ftp.dlink.de/dir/dir-300/driver_software/DIR-300_fw_revb_214b01_ALL_de_20130206.zip
  

[FurryNutz]

I recommend and remind users that these are regional FW updates and are meant for the EU or DE regions only and not not meant for use on NA region routers. I have looked and have not see any newer releases for the NA region as of yet.

I see the release notes say the they fix "Security Vulnerabilities". They don't say specifically though. We can only presume.

Thanks for posting.

[Atrium]

This update and one of the earlier, 2.13, pretty much cuts my download speed with 50%; from, say, 75-90 Mbps to 35-40 Mbps.

As we all know there have been several changes in the firmware over time, some small, other more significant. I noticed that the SPI was not enabled by default in these later updates. So when I first noticed the rather slow download speed I went back and disabled the SPI, since I had enabled it after the firmware update. But it did not change the download speed by much.

In these cases I had to use the two-step update for B1/B2, i.e. using a middle firmware included in the B1/B2 firmware update, since the router is a B1 and was at 2.05 before the update to 2.15.

Here, in the Nordic region, at D-Link's pages you will only find firmware 2.01 and 2.10; that is pretty much what DIR-600 B1 and DIR-600 B5 came with out of the box! And the firmware at the support page for the DIR-600 is the 2.10 for B5; you'll have to navigate to the FTP pages to find something for the B1. Their support page is, in one word, useless. Sad since they have good products.

Since version 2.01 we have seen among other the 2.03 for the HNAP security issue; later there were reports about security issues with DIR-300 which apparently is quite similar to DIR-600, and subsequently we saw version 2.05. As mentioned, none of these can be downloaded here.

In December 2011 information was disclosed about a gigantic security issue with WPS, affecting more or less all routers using WPS, and we started to see updates from different vendors. No update for DIR-600 B1, though their German site had some update, akin to the one mentioned above, a two step update for B1/B2.

So, I don't know if things are working in the 2.15 update for the B1 revision, but if they are, it seems I'll have to choose between staying safe or getting a download speed close to the subscribed.

It is amazing, to say the least, that we have to search all around the Internet to find security related updates for a router that is rather new. True, it's B5 that is sold at the moment. But a B1 isn't that old. It's also true that there are some updates at the .tw page, but not the latest it seems. Why do they have branch offices in different countries if they are not cooperating?

[FurryNutz]

Have you been in contact with Dlink directly?
For the NA region this model series has been discontinued and phased out. I presume all other regions where this model is still in circulation and LIVE, all support and development is being handled there and you would need to make contact with them regarding any concerns about this subject matter. Level 2 or higher would be needed.

Good Luck.

This update and one of the earlier, 2.13, pretty much cuts my download speed with 50%; from, say, 75-90 Mbps to 35-40 Mbps.

As we all know there have been several changes in the firmware over time, some small, other more significant. I noticed that the SPI was not enabled by default in these later updates. So when I first noticed the rather slow download speed I went back and disabled the SPI, since I had enabled it after the firmware update. But it did not change the download speed by much.

In these cases I had to use the two-step update for B1/B2, i.e. using a middle firmware included in the B1/B2 firmware update, since the router is a B1 and was at 2.05 before the update to 2.15.

Here, in the Nordic region, at D-Link's pages you will only find firmware 2.01 and 2.10; that is pretty much what DIR-600 B1 and DIR-600 B5 came with out of the box! And the firmware at the support page for the DIR-600 is the 2.10 for B5; you'll have to navigate to the FTP pages to find something for the B1. Their support page is, in one word, useless. Sad since they have good products.

Since version 2.01 we have seen among other the 2.03 for the HNAP security issue; later there were reports about security issues with DIR-300 which apparently is quite similar to DIR-600, and subsequently we saw version 2.05. As mentioned, none of these can be downloaded here.

In December 2011 information was disclosed about a gigantic security issue with WPS, affecting more or less all routers using WPS, and we started to see updates from different vendors. No update for DIR-600 B1, though their German site had some update, akin to the one mentioned above, a two step update for B1/B2.

So, I don't know if things are working in the 2.15 update for the B1 revision, but if they are, it seems I'll have to choose between staying safe or getting a download speed close to the subscribed.

It is amazing, to say the least, that we have to search all around the Internet to find security related updates for a router that is rather new. True, it's B5 that is sold at the moment. But a B1 isn't that old. It's also true that there are some updates at the .tw page, but not the latest it seems. Why do they have branch offices in different countries if they are not cooperating?

[Atrium]

Hi,
Thanks for the reply.
Yes I know about the status for this model in the NA region; I've read about it here. And wasn't that revision A1, different hardware? Even though there are many users living there, I'm not interested in the NA region in this matter. But I understand that one should be careful and only use firmware for the right model and revision.

As you know, have seen in this forum, there are quite many still using this router; and throughout the last years it seems to have been maintained at different sites around, for example, Europe. Also in Australia and New Zeeland; I found that they had the 2.03 for B1 earlier. But in my case I have been looking for updates in the European/Nordic region, or at the .tw page designated for global use. So I moved from 2.01 to 2.05, via 2.02 and 2.03 I think.

I think the Nordic sites at one point had some "later" firmware, such as 2.02 or similar, but as mentioned, now it is only 2.01/B1 or 2.10/B5. One would think that they, as a global business, would cooperate, and when a firmware had been created and tested they would distribute it around the different regions, but no.

I didn't mention it in my first post, but yes, I contacted D-Link here via mail two months ago. No reply. They have support for home users via phone (at $6), if you for example have questions how to set up the router. I don't have that.

It is possible that the B5 came out in the European region around 2011-2012, but one would expect a router to see some updates, if necessary, for at least 2-3 years, otherwise if you bought a B1/B2 in 2010 you are out of luck. Especially since we have seen several security related vulnerabilities the last years. Perhaps B1/B2 is immune ... And even if the B5 revision is all the rage nowadays, it seems odd that they only have the first firmware, 2.10; the .tw page mentions at least a couple of later firmware updates for the B5, as it does for the B1/B2.

Thanks for the good wishes.

[FurryNutz]

You could try a new version and see.
ftp://ftp.dlink.pl/dir/dir-600/driver_software/
Copy and Paste link.

[Atrium]

Thanks.
I was doing some research myself.

Erratum, sort of.
At D-Link's site (SE), if I click on the support link and follow the link to the latest tech articles (they are still using the "old" site design here) I arrive at a page that has two short messages at the top, and it has been the same for quite some time; they are from the first half of 2008, related to Windows XP, and the release of SP3. I have seen them for quite some time, and I didn't look closer at the rest of the page earlier. However, on the second half of the page there is a button for "archived support news", but it says "2013" now; perhaps should be the other way around ...

If I click on the button and check that page I will get the latest information from February; about the UPnP issue mentioned some weeks ago, AND the "Update on Router Security issue", i.e. the firmware updates for DIR-600 (and DIR-300), all in English. There are direct links to an EU site for the different firmware updates.

At this place.
ftp://ftp.dlink.eu/Products/dir/dir-600/driver_software/

The zip file for the B1/B2 revisions is pretty much the same as the abovementioned. The archive at the German site also included a German language pack and a small, old, information file, not included in this file. The instructions, PDF & TXT, are in English, this time. Same change log. The firmware .bin files are identical, it seems, comparing them with the command-line tool COMP.

The sad thing is that at the SE site, and for example the Czech site, there is no mention about these recent firmware updates at the support pages for the DIR-600. Compared with, for example, the German and the UK sites. But the Czechs at least have it on their FTP page, which is not the case with the Nordic sites (Denmark and Norway point to the Swedish FTP site). As I said, pretty useless.

So, hidden on a page for support news, that still talk about SP3 for XP, via archived messages for 2013 ... there are links to the latest firmware.

And the change log, "changes.txt", in the archive found at the EU site and in the German B1/B2 file, says:
"Problems Resolved:
1. Fixed the multiple security vulnerabilities."

A close match to the topic of this thread.

(Pedantic note: The same file for the B1/B2 2.15 at the Czech site says "1. Fixes security vulnerabilities." That is the only difference as far as I can see inside the archives.
There is a very minor difference in the name however; DIR-600_fw_revb12_215b01_ALL_20130206 at the EU site, and DIR-600_fw_revB1B2_2-15B01_all_en_20130206 at the Czech site (and the .pl page you mentioned.)

So, yes, I will try some other version; the one I found at the EU site, and maybe look at another. I did a factory reset and changed some minor things after my post above, but it didn't change the download speed.

[Atrium]

Some posts at the end of this thread:
http://www.dlinkforum.ro/index.php?topic=123.195
seems to confirm that there indeed are problems with higher download speeds, above 40-50 Mbps, in the latest firmware updates, after 2.05, for B1/B2; i.e. 2.11 etc. Though I have only read a simple translation. I checked earlier with the 2.13 and 2.12, then reverted to 2.05 and got the usual D/L speed, and then a couple of days ago tried the 2.15 mentioned above. Not much to do about that, it seems.

Wonder if it is related to the difference in hardware between B1/B2 and B5, since they have taken the 2.1x (first released for the B5, I think) and created firmware updates for B1/B2. I can't imagine that a B5 DIR-600 should have a cap at around 50 Mbps.

Ah well, I didn't have a long wish list, it worked all OK at 2.05; some have been asking for IPv6 etc. I only wanted security related updates, and since there have been a couple of vulnerabilities disclosed the last year or two, that wasn't much to ask for. But 50% of your download bandwidth just goes into thin air, wonder how they managed to do that.

I'll check with another downloaded firmware.

[FurryNutz]

Unfortunately its hard to read that information since it's not English. 

[Atrium]

Yes. Well ... English is not my native language ... Nor is Romanian, but in this case I have no knowledge whatsoever.

Tada! Google Translate.

http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=sv&ie=UTF-8&eotf=1&u=http%3A%2F%2Fwww.dlinkforum.ro%2Findex.php%3Ftopic%3D123.195&act=url

First post on page 14, reply # 195, mentions an experience going from 2.05 to 2.11. Result: limited download speed. Same as I saw when I went from 2.05 to 2.13 and from 2.05 to 2.15.

Reply # 201 confirms that there is a problem, discussed earlier (though I haven't looked at the whole thread), and that if you have a subscribed downstream bandwidth below 50 Mbps there is no problem with the, then (2.11-2.12), latest firmware update; but if your subscribed downstream bandwidth is more than 50 Mbps you will not get anything beyond 50 Mbps, it seems.

Odd, indeed. I don't know if this is only affecting revision B1/B2 running on, what seems to be, "backported", firmware 2.11-2.15; surely there must be some people using B5 with latest firmware and a subscribed downstream bandwidth around 50 Mbps or above.

[Atrium]

It seems like I have been one step ahead of them a couple of times (or just visiting their pages when they had not done all changes); there were no links to the latest updates on the dedicated support page, as mentioned, and their FTP page also only had 2.01 & 2.10. Then, as mentioned, they added a support message under "news" with links to the aforementioned EU site and version 2.15b01. I also mentioned that they had not updated the web site, page layout.

But this has now changed. The new page layout is in place, and the dedicated support page for the DIR-600, even though it isn't mentioned under products, has download links to the 2.15 firmware, and several other links.

They have even renamed the archive, the zip file, though the content seems to be the same.

Hurrah.

Well, let's see how a fresh download works.

I have gone through the hassle of downgrading to firmware 2.05 (using the Emergency Room), then checked the "download speed", then upgraded to the latest firmware just downloaded, and checked the speed once more.

With firmware version 2.05 I get pretty much the same speed as if I connect directly to the network port (and that is good), around 80-90 Mbps depending on the status of the Internet in the neighbourhood/this part of the world. With firmware version 2.15 I get around 30-35 Mbps. That is, I get around 40% of the speed.

Ah well.

[Atrium]

Their support page now says "phased out", and then the usual "however"; i.e. they will carry on "giving support in accordance with guarantee terms".

Well, in this part of the world, and for this type of product, that is 2 years. And since it is more than 2 years old, it is too old for that.

During the last months, year, they started to "backport", as it seemed, 2.1x versions of the firmware to HW B1 & B2; the major problem is that it heavily restricts the downstream bandwidth; it's not working above 40 Mbps; and if you have 100 Mbps that's more than half of your bandwidth.

Guess I'll look elsewhere in the future; they don't have a working contact form on the web, the link is dead; there is no e-mail address; and I'm not willing to pay $6+ for a phone call just to be told that they are not going to put any more efforts on this router.