Professional Documents
Culture Documents
DIR600Bx - FW217b02 Release Note
DIR600Bx - FW217b02 Release Note
Firmware: FW217B02
Hardware: Bx
Date: 2014/03/17
Note:
1. FW version is advanced to v2.17
Problems Resolved:
1. Fixed the security vulnerabilities that allow to create new root account and connection profile for
remote access.
(http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/)
2. Fixed the multiple security vulnerabilities.
3. Fixed the DCC 4.0 compatibility issue while setting via TKIP.
4. Fixed that issue that the channel bandwidth will be set to HT20 after installing DIR-600 with DCC
4.0
5. Fixed the issue that WPS button doesnt work.
6. Fixed the compatibility issue with QRS CD.
7. Fixed the reported issue from Michael Messner
HTTP Header Injection
http://<IP>/diagnostic.php
Cross-Site Scripting (XSS)
http://<IP>/version.txt
http://<IP>/bsc_wlan.php
Security Misconfiguration
Telnet Service is open with Authentication.
Sensitive Data Exposure
http://<IP>/router_info.xml?section=systeminfo
Cross-Site Request Forgery
http://<IP>/session.cgi
http://<IP>/hedwig.cgi
http://<IP>/pigwidgeon.cgi
http://<IP>/service.cgi
D-Link Corporation confidential
Enhancements:
None
Known Issues:
None