Firmware: v2.12NA Build 01 Beta 06/20/2017Release Notes: Overview:
The DIR-655 contains four (4) vulnerabilities accessible from the LAN-side of the device
presenting potential security risks. First vulnerability allows a malicious user to bypass
authentication to gain administrative level access to the router’s web management
console. The vulnerability is only exposed when an authenticated user session is
logged-in on the device and that authenticated user's address is used, shortening the
window of opportunity for the attacker.
A second vulnerability was discovered that script injection can be performed on some input fields resulting in Cross-Site Scripting (XSS)
vulnerabilities to the device configuration interface.
Next, a third vulnerability, discloses log-in credentials and WiFi Encryption key of an authorized user by sending clear
text data between the device's web configuration interface and the authorized user's browser.
Last, a fourth vulnerability found a cgi command, regardless of authentication, will provide device configuration information.
References:
Keven Jiang :: Contact :: November 1, 2014
Description:
A request can be made to security@dlink.com for further information.
Get it here:
DIR-655 Rev BFollow this for updating:
FW Update ProcessNOTE: if your router is working with out any issues, it's recommended to keep the current version of FW that is loaded.IF IT WORKS, DON'T FIX IT!!! 
Author
Topic: New - DIR-655 Rev B Only v2.12NA Build 01 Security Release (Read 12426 times)