Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[GreenBay42]

A security patch has been released for revision B only.

EDIT: Firmware is no longer BETA. Officially released on Jan 23, 2018

Firmware --> ftp://FTP2.DLINK.COM/PRODUCTS/DCS-930L/REVB/DCS-930L_REVB_FIRMWARE_v2.15.06.zip

Release Notes:

Reported:
Reported on 09/06/2017 by Robin Stenvi (robin dot stenvi at protomail dot com)

The following affects firmware versions 2.14.04 and below.

Problems Fixed:
1. Cross-Site Request Forgery (CSRF) which may lead to configuration information exposure.
2. Denial of Service (DoS) in the cameras CGI web framework that may lead to the camera becoming unresponsive.
3. Adobe Flash Player configuration resulting in an unintentional Cross-Origin Resource Sharing misconfiguration that my lead to further malicious attacks on the camera.

New Features:
1. Upgrade mydlink agent to 2.2.0-b03
2. Change the system default date to 2017/01/01
3. Update the ActiveX and Java Applet with renewed code-signing certificate (validity period of the certificate is from 9/30/2016 to 10/1/2019).
4. Support digest authentication for Web UI

[jasred]

I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on windows...

[FurryNutz]

CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.

Try using FF ESR for connecting to the cameras. Newer versions of FF standard have stopped supporting plug-ins so may not work correctly:
http://forums.dlink.com/index.php?topic=66483.0

I think there may be things wrong with this version. After installing on 3 cams, two of them would no longer authenticate via curl. This version also does not work with Firefox (unless you use a user-agent switcher), and it requires IE on windows...

[jasred]

CURL may have been something that wasn't officially supported or a security issue so D-Link may have closed that door.

The problem with that theory is they didn't seem to close the door for all three cams that I upgraded so I can't take that to the bank.

[FurryNutz]

So you have a camera that still authenticates via CURL then?
What was the process you followed for updating FW? Was any resets performed?

[jasred]

So you have a camera that still authenticates via CURL then?
What was the process you followed for updating FW? Was any resets performed?

Correct, one camera works with curl.

Your second question may point to something. I used FF to do the upgrades and
maybe that caused an issue. I will try one of the cams that fails with curl and use
IE for the upgrade (wired connection of course). I'll let you know.

[FurryNutz]

 

What version of FF did you use?

[jasred]

What version of FF did you use?

Win 10  and FF 57.0.4 64 bit

Using IE did not work. The same problem.

I also noticed that 2.14.04 seemed to upgrade nicely with a message at the end
that states "Firmware upgrade completed". The new firmware just displays a "reply"
web page.

[FurryNutz]

Reply?

Can you post a picture if what you see with the v2.15 FW update message?

[jasred]

Reply?

Can you post a picture if what you see with the v2.15 FW update message?

Sorry, I may have been too glib. It's not a reply web page per se, it tries to display
a page, but gives you a error page instead. The page shows "The website declined to show this webpage".
The page that it was trying to display is "replyk.htm".

[FurryNutz]

Hmm, this in FF and IE?

Did you clear out the browser cache before and after sending the FW file?

[jasred]

Hmm, this in FF and IE?

Did you clear out the browser cache before and after sending the FW file?

Yes, both FF and IE display that last page problem.

No, to the cache clearing question. I have never had to do that before and I've been
doing stuff like this for years.

[FurryNutz]

Can you try a factory reset, on one camera the do the cache clear on either browser and see if same thing still happens.

Are these cameras wired or wireless connected when FW updates happen?

I'll pass this on to D-Link for review. Not sure what is happening.

[jasred]

Can you try a factory reset, on one camera the do the cache clear on either browser and see if same thing still happens.

Are these cameras wired or wireless connected when FW updates happen?

I'll pass this on to D-Link for review. Not sure what is happening.

I actually had done a factory reset on one of them that fails.

I will try the cache clearing test tomorrow and let you know.

I always use wired connections when applying firmware.

Thanks for passing this on...

[GreenBay42]

After the firmware upgrade can you get into the camera's UI without issue?  If not can you ping the camera?