[H-GEN] Information on DSL 504 Router Firmware Updates + Vulnerabilities + Fixes (was Re: ADSL modem/router/switch)

Snowy Angelique Maslov aka 'Snowpony' snowy at snowy.org
Thu Apr 24 13:33:54 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 24 Apr 2003, Stuart Longland wrote:

> Yep, I'll vouch for that.  Except whatever you do, CHECK THE FIRMWARE
> VERSION BEFORE UPDATING!!
> 
>   Yesterday, I tried updating to the v2.2 firmware from 2.02, to correct
> a problem with file transfer problems with instant messenger programs
> such as MSN Messenger, Trillian & Everybuddy.  The update succeeded, but
> the router failed to boot afterwards.
> 
>   So it's now currently sitting in The Gap post office awaiting a trip
> to Sydney to be fixed.
> 
>   There were instructions for uploading firmware via xmodem using
> Hyperterminal, but guess what, the internal firmware on ours is version
> 7.0.0.7, the example was 8.2.0.16.  When I told ours to expect an image
> to be sent via xmodem, it sort of said Huh?  (Actually, it came back
> with '??' which I presume means it didn't understand).  I'm guessing
> that this difference is why the new firmware image doesn't work - it's
> in a format that our older chipset doesn't understand.
> 
>   So before updating these babies, I recommend getting a VT100 terminal
> hooked up to the console port and double checking this first, if it's the
> same version as ours, don't, whatever you do, try updating it.

Note for the DSL-504 there are two versions; the old one and the new
"Generation 2" ones.  If your router does not come with a logo on the front
panel that has "Generation 2" written under DSL-504 - then it is the old
one.

############################################################################
#### Generation 2 DSL 504 Information - for GenII Routers Only!         ####
############################################################################

New "Generation 2" DSL-504 should use the following firmware update:

http://www.dlink.com.au/tech/drivers/files/routers/Gen_II_DSL504R221b4auto1.zip

############################################################################
#### Non-Generation 2 DSL 504 Information - for Older Routers Only!     ####
############################################################################

Older DSL-504's will need to make sure they are at least at R2.02B2T8 before
upgrading to the following firmware:

http://www.dlink.com.au/tech/drivers/files/routers/dsl504R221b8au.zip

If your router level is at R2.01B5 or greater but less than R2.02B2T8 then
you can upgrade to 2.02B2T8 with the following firmware:

http://www.dlink.com.au/tech/drivers/files/routers/DSL504R202B2T8AU.zip

If your router level is less than R2.01B5 then you can upgrade to R2.01B5
using the following firmware:

http://www.dlink.com.au/temp/DSL-504R201b5AU.exe

You can find out your router revision level by logging in via telnet
(default password is 'private' - if it is still that then please read
further below) or connecting via the serial console (9600,8,N,1) and typing
at the prompt:

[Internal IP Here]> version

+--------------------------------------------------------------------------+
|IMPORTANT!  You cannot skip patch levels.  You *must* upgrade to certain  |
|points to upgrade the DSL-504 properly.   The key points are as follows:  |
|                                                                          |
|Less than R2.01B5 (likely R1.14) -> R2.01B5 (or greater) -> R2.02B2T8 (or |
|greater) -> R2.21                                                         |
+--------------------------------------------------------------------------+

############################################################################
#### End Version Specific Information on DSL 504 Routers                ####
############################################################################

There is also a vulnerability in the DSL 504 (which I'm sure I've mentioned
before but just to reiterate) being that by default they have SNMP access
enabled with default community names for read/write access.  Furthermore the
private community string (default is 'private') is the password used via
telnet to access the machine.  The Admin MIB for these routers has in it all
the information to log into your ISP.  Details are available via the BugTraq
mailing list archives:

http://www.securityfocus.com/archive/1/316489/2003-03-21/2003-03-27/0

I wrote a step through on how to fix this - it is available at:

http://www.securityfocus.com/archive/1/316670/2003-03-21/2003-03-27/2

- -- 
Snowy "Snowpony" Angelique Cerise Maslov -- http://snowy.org/email.signature
PGP (GnuPG) fingerprint = 5280 6EBC D281 A9D2 564B  E274 B2EC 54C3 8325 CECD
[ NOTICE:  Please read disclaimer located in URL above before emailing me! ]
Email not specifically addressed to snowy at snowy.org via CC or TO will BOUNCE
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+qCACsuxUw4Mlzs0RAnG2AJ9PR+2OgTXFVw1EtLn7Gc+1Q8bEyQCfQ+1Z
mOpMPU56tcK9xxV/bPgMh5g=
=xMfc
-----END PGP SIGNATURE-----
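
Added example, not part of the original post and not D-Link's own tooling: a
small planner for the "you cannot skip patch levels" rule described above. It
assumes the revision reported by the 'version' command contains a token of the
form R<major>.<minor>[B<build>][T<test>]; the sample inputs are constructed.

```python
import re

# Milestones for the older (non-Generation 2) DSL-504, in the order the post
# requires, with the download URLs given in the post.
MILESTONES = [
    ("R2.01B5", "http://www.dlink.com.au/temp/DSL-504R201b5AU.exe"),
    ("R2.02B2T8", "http://www.dlink.com.au/tech/drivers/files/routers/DSL504R202B2T8AU.zip"),
    ("R2.21", "http://www.dlink.com.au/tech/drivers/files/routers/dsl504R221b8au.zip"),
]
# Generation 2 hardware takes its own image; the post gives no prerequisite level.
GEN2 = ("R2.21 (Generation 2 image)",
        "http://www.dlink.com.au/tech/drivers/files/routers/Gen_II_DSL504R221b4auto1.zip")

# Assumed revision syntax: R2.02B2T8, R2.01B5, R1.14, R2.21 ...
_REV = re.compile(r"R(\d+)\.(\d+)(?:B(\d+))?(?:T(\d+))?", re.IGNORECASE)


def parse_revision(text):
    """Return (major, minor, build, test) for the first revision token in text.

    Missing B/T parts count as 0, so a bare "R2.02" sorts below "R2.02B2T8"
    and is sent through that milestone rather than past it.
    """
    m = _REV.search(text)
    if m is None:
        raise ValueError("no revision string found in %r" % (text,))
    return tuple(int(g) if g else 0 for g in m.groups())


def upgrade_path(version_output, generation2=False):
    """List (revision, url) images to flash, in order, never skipping a milestone."""
    if generation2:
        return [GEN2]
    current = parse_revision(version_output)
    return [(rev, url) for rev, url in MILESTONES if current < parse_revision(rev)]


if __name__ == "__main__":
    # Constructed sample of what the console might print after 'version'.
    for sample in ("R1.14", "firmware R2.01B7", "R2.02B2T8", "R2.21B8"):
        steps = [rev for rev, _ in upgrade_path(sample)]
        print("%-18s -> %s" % (sample, " -> ".join(steps) or "already at R2.21"))
```

Decide between the two hardware variants by the front-panel logo as described
in the post; the planner cannot detect that from the revision string.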

