D-Link DIR-645 Router Firmware Update 1.04B11
Date Added: January 14, 2014 / Release Date: December 04, 2013 / Publisher: D-Link / File Size: 7.2 MB
OS: Mac OS, Windows
Vulnerabilities Addressed:
- Fix Admin Password accepting and saving a complex password, then not allowing the user to use the new complex password.
- Fix Buffer overflow on "post_login.xml".
- Fix Buffer overflow on "hedwig.cgi".
- Fix Buffer overflow on "authentication.cgi".
- Fix (CSRF) Cross-site scripting on "bind.php".
- Fix (CSRF) Cross-site scripting on "info.php".
- Fix (CSRF) Cross-site scripting on "bsc_sms_send.php".
- Fix Web file access API getfile so that the path cannot include ../
- Fix bypass authentication before scan direction in the router (__ajax_explorer.sgi).
- Fix script injection issue where curl -H "Cookie: uid=9gIdu6X6nF" -d "EVENT=%26%20telnetd%26" http://192.168.0.1/service.cgi would execute telnetd.
- Fix bypass authentication on version.php showing too much router information.
- Fix widget functions and remove related files like router_info.xml from unauthorized access.
- Fix issue that disables telnetd after the router is no longer factory default.
- Fix unauthorized POST requests executing commands in the router via command.php.
- Fix vulnerabilities discovered and disclosed by Roberto Paleari <roberto@greyhats.it>.