• February 22, 2025, 02:39:59 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Maybe some security leaks / improvements in/for latest firmware...  (Read 2627 times)

timnasuser

  • Level 1 Member
  • *
  • Posts: 2
Maybe some security leaks / improvements in/for latest firmware...
« on: March 24, 2015, 08:04:29 PM »
Hi,

There're some "leaks" (in my opinion) in the latest firmware 1.03/ 22-July-2014 of DNS 327L

Q: Is there a shell addon or comparable (telnet I've found)? 
- USB disks should never be mounted as 777 by default. (Aargh)
- USB disks can be always accessed by FTP anonymous (Aargh)
- The USB disks can not be modified by the Web UI (Hmm, FTP access is possible)
- The SSL Certificate contains the model number as well as the MAC address  (I've read it somewhere) (This is a big leak). Have a look at some routers which generate a certificate by random numbers)
- The Addons (Joomla, phpBB) are really outdated (On the contained CD)
- the servers (FTPD, HTTPD) should not mention their type and version

Perhaps some joking improvement:
Q:  Is it possible to use a standard PC keyboard (and maybe some USB-VGA output) on the USB bus? AddOn?  :)

But anyway, (without the leaks) the 327l would be a great value for the price
Logged