Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[digitoxin]

Is D-Link ever planning on releasing a firmware update for the DIR-655 to fix the UPNP vulnerabilities on this router?  They have not updated their UPNP page since Jan 30, 2013.

http://www.dlink.com/us/en/technology/upnp

I have confirmed that this router is vulnerable by using Steve Gibson's ShieldsUp tool as http://www.grc.com.

[digitoxin]

My DIR-655 is Hardware Version: B1   Firmware Version: 2.10NA.  I am located in the U.S.

[gh15]

same specs as digitoxin and have the same question.

[FurryNutz]

Link>Welcome!

• What Hardware version is your router? Look at sticker under router.
• Link>What Firmware version is currently loaded? Found on routers web page under status.
• What region are you located?

Internet Service Provider and Modem Configurations

• What ISP Service do you have? Cable or DSL?
• What ISP Modem Mfr. and model # do you have?

I have verified this on my Rev B and have forwarded my results on to D-Link. Please be patient while they review this. Thank you.

[monkeylove]

I also disabled UPnP for the same reasons, although I found out only after I downgraded the FW to 2.01 (I had problems with 2.05, which is the latest for hardware B1, SE Asia).

Edit: This I can't explain.

I found another site that can check for vulnerabilities:

http://upnp-check.rapid7.com/

and the router passed, i.e., no response to a discovery request.

I decided to enable UPnP and try again, and it passed. I went to GRC Shields Up, and it passed.

I booted the modem, router (with UPnP enabled), and PC, and tried again in both sites, and the router passed.

[FurryNutz]

Thank you for sharing. D-Link is aware of this this issue. Please be patient while they review the situation. If your in need of immediate help and need more information, please phone contact your regional D-Link support office and inquired with in.

[monkeylove]

Sorry, my mistake. The vulnerability still appears for my unit (FW is 2.01 HW B1 for SE Asia). I only found out after I rebooted the PC, router, and modem, and checked with the sites again an hour ago.

I'd like to try FW 2.05, but I experienced problems with that (every few hours, any device connected to my router could not access Facebook or Google), which is why I downgraded to 2.01.

[FurryNutz]

I recommend that you review this and start a new thread to see if maybe we can help you figure out why v2.01 or v2.05 isn't working for you:
Router Troubleshooting Suggestions and Tips

You can copy and past this into a new thread and post your answers and results there if you like.

Sorry, my mistake. The vulnerability still appears for my unit (FW is 2.01 HW B1 for SE Asia). I only found out after I rebooted the PC, router, and modem, and checked with the sites again an hour ago.

I'd like to try FW 2.05, but I experienced problems with that (every few hours, any device connected to my router could not access Facebook or Google), which is why I downgraded to 2.01.

[digitoxin]

I have no faith in D-Link that they will fix this issue.  They will just let this router End-of-Life and move on.  I have always stood by D-Link and their products, but after the substandard quality of their recent firmware releases across their product lines, I will be looking elsewhere for my next router purchase.  I have already had to downgrade my DIR-655 to firmware 2.07NA because of serious Wi-Fi problems with the latest release.

[FurryNutz]

I presume that not all product lines exhibit this problem I can confirm that they don't.

I have had v2.10NA loaded on my 655 and haven't had any issues with the WiFi. There could be environment conditions contributing to your WiFi that you seemingly be experiencing. A little trouble shooting might help narrow it down.

I would do a bit more troubleshooting and see if the problem could be narrowed down. There can be many things that can contribute to WiFi experiences on any router.

If your that concerned about the security issues, then you should phone contact D-Link support. They are aware of the issue. I don't know when they will released the fix. The more they hear about the problem the more they will probably get it released. This why we can people to phone contact D-Link support so they get visibility with there users and customers. We can't do anything about it here in the forums as it needs to be coded and tested then released.

I will again forward this on to D-Link and see if I can get some information.

If your unwilling to wait or let others help you out then you'll need to seek other solutions.

This thread is now locked as there is no additional information at this time that is helping anyone out. I'll re-open the thread when and if D-Link gives some information.

Good Luck.

[FurryNutz]

Any one care to try this and see if uPnP is fixed or not?
http://forums.dlink.com/index.php?topic=55233.0

[FurryNutz]

I can confirm that this issue has been fixed with v2.11NA:
http://forums.dlink.com/index.php?topic=55233.0