Aperto da Carciofone, 20 Marzo 2018, 08:07:06
DIR-879 Firmware Release NotesFirmware: 1.10b05Hardware: Rev. AxRelease Date: 2018/2/03Note:1. The firmware version is advanced to v1.102. The firmware v1.10 must be upgraded from the transitional version of firmware v1.04 (transitional version).Problems Resolved:1. Update wpa2 security patch2. Support EU VLAN @ EU country code3. Support VLAN profile @ SG country code4. Upgrade dnsmasq to 2.78Enhancements1. Support D-Link Wi-Fi APP (QRS mobile won't be supported from firmware version v1.10 or later version).2. Support image with encryption.---------------------Firmware: 1.06b01-07Hardware: Rev.A1Release Date: 2018/01/04Note:This release is to patch the WPA2 Key Reinstallation Attack (KRACK) Security Vulnerabilities affecting this product.Problems Resolved:A WPA2 wireless protocol vulnerability was reported to CERT//CC and public disclosedas: VU#228519 - Wi-Fi Protected Access II (WPA2) handshake traffic can bemanipulated to induce nonce and session key reuse.The following CVE IDs have been assigned to VU#228519. These vulnerabilities in the WPA2 protocol: · CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake · CVE-2017-13078: reinstallation of the group key in the Four-way handshake · CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake · CVE-2017-13080: reinstallation of the group key in the Group Key handshake · CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake · CVE-2017-13082: accepting a retransmitted Fast BSS Transition Re-association Request and reinstalling the pairwise key while processing it · CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake · CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake · CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame · CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frameThis patch also included fixes for DNSmasq vulnerability: · CVE-2017-14491 Remote code execution in the DNS subsystem that can be exploited from the other side of the internet against public-facing systems and against stuff on the local network. The previously latest version had a two-byte overflow bug, which could be leveraged, and all prior builds had an unlimited overflow. · CVE-2017-14492 The second remote code execution flaw works via a heap- based overflow. · CVE-2017-14493 Google labels this one as trivial to exploit. It's a stack-based buffer overflow vulnerability that enables remote code execution if it's used in conjunction with the flaw below. · CVE-2017-14494 This is an information leak in DHCP which, when using in conjunction with CVE-2017-14493, lets an attacker bypass the security mechanism ASLR and attempt to run code on a target system. · CVE-2017-14495 A limited flaw this one, but can be exploited to launch a denial of service attack by exhausting memory. Dnsmasq is only vulnerable, however, if the command line switches --add-mac, --add-cpe-id or --add-subnet are used. · CVE-2017-14496 Here the DNS code performs invalid boundary checks, allowing a system to be crashed using an integer underflow leading to a huge memcpy() call. Android systems are affected if the attacker is local or tethered directly to the device. · CVE-2017-13704 A large DNS query can crash the software---------------------Firmware: 1.05b01Hardware: Rev.A1Release Date: 2017/02/06Problems Resolved:1. Fix setup GUI is not reachable.Enhancements:None---------------------Firmware: 1.04b01_01Hardware: Rev.A1Release Date: 2016/11/25Problems Resolved:1. Fix HNAP Service Stack-Based Buffer Overflow VulnerabilityCWE-121 CVE-2016-6563 VU#677427http://www.kb.cert.org/vuls/id/677427Enhancements:None---------------------Firmware: 1.04b02_g7m9Hardware: Rev.A1Release Date: 2016/07/22Problems Resolved:1. Fixed send log as email.Enhancements:None---------------------Firmware: 1.03WWb01Hardware: Rev.A1Release Date: 2016/5/17Problems Resolved:1. Fixed the GUI display issue that sometimes "Click to repair" doesn't show up in home page.2. Fixed the issue that Manual MTU setting doesn't in Static IP extender mode.3. Fixed the incorrect description in GUI page.4. Fixed the incorrect translation in GUI page while in extender mode.5. Fixed the issue that WMM is set to disabled after the wizard installation of DIR-879.6. Fixed the issue of Port Forwarding that sometimes disabling some rules causes other rules to be enabled automatically.7. Fixed the issue that in RU domain code, after resetting DIR-879, sometimes wired/wireless clients may not access to INTERNET unless DIR-879 is rebooted manually.8. Fixed the reported security issue.9. Fixed the issue that WPS is performed in extender mode, all downlink wired or wireless clients will disconnect from DIR-879 and DIR-879 also disconnects from uplink router.10. Fixed the issue that when home user selects Deutsch in language list in login page, UI description still display in English after log in DIR-879.11. Fixed the issue that when home user set the IPv6 DNS setting manually, DIR-879, wired and wireless clients can't get IPv6 address.12. Fixed the LED behavior of DIR-879 in wireless extender mode: [Bug]LED displays in solid white and the connection status in main page shows connected after DIR-879 disconnects from uplink router. [Bug]After the timeout of WPS phase in downlink clients, LED still blinks in white. [Bug]If home user changes the wireless band with uplink router, then LED cannot change to solid white. [Bug]When the cable is detached from INTERNET port in DHCP mode, LED sometimes doesn't turn into orange. [Bug]When the cable is detached from INTERNET port and connected again in Static IP, LED will remains in solid orange. [Bug]In Static IP mode, LED turns into solid orange after home user changing and saving the IP setting of DIR879 on GUI page.13. Fixed the LED behavior in router mode: After the timeout of WPS phase in downlink clients, LED doesn't turn into solid orange.Enhancements:1. Improved 2.4G wireless throughput.2. Added wireless extender mode.Known issues:1. Send log as email not working. Will be fixed soon.
Pagina creata in 0.191 secondi con 17 interrogazioni.