Showing results for tags 'hotfix'.
Karlston posted a news in Security & Privacy News

D-Link issues hotfix for hard-coded password router vulnerabilities

D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Following successful exploitation, they can let attackers execute arbitrary code on unpatched routers, gain access to sensitive information or crash the routers after triggering a denial of service state.

The DIR-3040 security flaws discovered and reported by Cisco Talos security researcher Dave McDaniel include hardcoded passwords, command injection, and information disclosure bugs.

Authentication bypass via specially crafted requests

The CVE-2021-21818 and CVE-2021-21820 hard-coded password and credentials vulnerabilities [1, 2] exist in the router's Zebra IP Routing Manager and the Libcli Test Environment functionality. Both of them allow threat actors targeting vulnerable D-Link DIR-3040 routers to bypass the authentication process configured by the software administrator. Attackers can trigger them by sending a sequence of specially crafted network requests that lead to either denial of service or code execution on the targeted router, respectively.

CVE-2021-21819, a critical OS command injection vulnerability found in the router's Libcli Test Environment functionality, can also be abused by adversaries for code execution. Additionally, it makes it possible to start a "hidden telnet service can be started without authentication by visiting https:///start_telnet" and log into the Libcli test environment using a default password stored in unencrypted form on the router.

Vulnerabilities addressed in firmware hotfix

D-Link has resolved the bugs found in firmware version 1.13B03 and has issued a firmware hotfix for all affected customers on July 15, 2021, available for download here.
The complete list of vulnerabilities addressed by D-Link with this hotfix includes:

CVE-2021-21816 - Syslog information disclosure vulnerability
CVE-2021-21817 - Zebra IP Routing Manager information disclosure vulnerability
CVE-2021-21818 - Zebra IP Routing Manager hard-coded password vulnerability
CVE-2021-21819 - Libcli command injection vulnerability
CVE-2021-21820 - Libcli Test Environment hard-coded password vulnerability

D-Link says that the firmware hotfix released to address the bugs found by Cisco Talos is "a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release."

The table below lists the vulnerable router models and links to the updated firmware version containing the fix.

Model | Hardware Revision | Affected FW | Fixed FW | Recommendation | Last Updated
DIR-3040 | All Ax Hardware Revisions | v1.13B03 & Below | v1.13B03 Hotfix | 1) Please Download Patch and Update Device 2) Full QA Firmware under test for automatic F/W update notification on D-Link Wifi mobile App | 06/09/2021

D-Link has patched other severe vulnerabilities in multiple router models in the past, including remote command injection bugs enabling attackers to take complete control of vulnerable devices.

Previously, the company fixed five critical vulnerabilities impacting some of its routers that made it possible for threat actors to steal admin credentials, bypass authentication, and execute arbitrary code in reflected Cross-Site Scripting (XSS) attacks.

Karlston posted a news in Software News

Nvidia's 466.79 Hotfix driver adds RTX 3070 Ti support, fixes a BSOD error, and more

Nvidia's newest graphics card, the GeForce RTX 3070 Ti, launches today and alongside it team green has released the Game Ready WHQL driver version 466.77 which adds support for the new card. The driver carries over most of the same game optimizations that were added with the previous version 466.63. But it does carry support for The Persistence, which recently gained Nvidia's DLSS upgrade.

The driver claims to fix a blue screen of death (BSOD) related to errors caused by DPC Watchdog violation in older Kepler and last-gen Turing GPUs. There are also a few more fixes and all of them have been listed below:

[Crossfire HD]: Freestyle is not supported for the game.
[Kepler/Turing GPUs]: Blue-screen crash with DPC Watchdog Violation error may occur. [3321668/3321735]
[VR]: If the GPU is connected to a 4K UHD TV, the system may freeze when launching a VR game.
[RTX 20 series][GTX 16/10 series][HDMI]: 4K @ 120Hz display mode is not available from display settings.

The known issues related to Windows 10 are the same as the earlier version. They are:

[NVIDIA Ampere GPU]: Colors may appear incorrect in games if sharpen Freestyle filter is used with HDR enabled. This issue will be resolved in the next NVIDIA driver release.
[HDR]: Some specific HDMI displays might show some flickering in HDR mode. If you are experiencing flickering issues, reboot the system.
[World of Warcraft: Shadowlands]: Random flicker may occur in certain locations in the game.
[Batman Arkham Knight]: The game crashes when turbulence smoke is enabled.
[Steam VR game]: Stuttering and lagging occur upon launching a game while any GPU hardware monitoring tool is running in the background.
[YouTube]: Video playback stutters while scrolling down the YouTube page.
Display may flicker or lose signal when launching a game on an adaptive-sync VRR monitor in multi-monitor configuration when sharing the same display mode.

The new 466.77 Game Ready driver is now available for download via the GeForce Experience app, but those wanting a standalone installation can use the links below. For those interested, you can view the release notes here.

Desktop GPUs: Download: Windows 7, 8, 8.1 | Windows 10 – Standard / DCH
Notebook GPUs: Download: Windows 7, 8, 8.1 | Windows 10 - Standard / DCH

Update: A previous version of this article reported on the 466.77 driver, but soon after releasing the 466.77 driver today, Nvidia hurriedly launched a hotfix driver version 466.79. The new hotfix is completely based on the previous driver which means it contains those earlier optimizations and also adds a fix to resolve the display flickering issue. The problem is noted in the list of known bugs section highlighted by code number 3314055.

Users, on desktops and notebooks, who are experiencing this flickering problem can download the 466.79 hotfix driver from the following links:

Download: Windows 10 - Standard / DCH

zanderthunder posted a topic in Mobile News

Samsung began rolling out Android 10 based One UI 2.0 Beta builds to Galaxy S10 devices early this month amid reports of a possible delay. The successor to Android 9.0 Pie-based One UI is more of an iterative update that brings with it polishes and improvements to existing features along with Android 10-specific features such as the gesture navigation system. However, users that are running the beta builds were in for a surprise when a recent update locked them out of their devices – refusing to accept any authentication methods.

Users running recent One UI 2.0 Beta builds began reporting that they were unable to unlock their devices through the way of a pin, password or biometrics after restarting the phones. The only preventive measure for those that still had access to their device was to disable all lock screen authentication methods through the Lock Screen settings. For those that were locked out, one of the ways to circumvent the issue was by deleting all authentication methods through Samsung’s Find My Mobile service (provided it was enabled). However, if that service was not enabled, there was no other option but to reset the device and roll back to Android 9 Pie through Smart Switch. Some users also reported that they have been unable to set a pin/password even after rolling back to Pie.

Considering the severity of the issue, the firm was quick to release a hotfix for the problem that is now rolling out to all One UI 2.0 Beta users. The critical update package is about 131MB in size, carrying build number G970FXXU3ZSL and should be available to all S10 variants running the beta software. It should be noted that users that are currently locked out will have to either delete their authentication presets first or roll back and re-join the beta since the device will not initiate the update if the device is locked.

Running beta software always brings a few risks with it, so it is best to have one’s device backed up in case something goes wrong. As a precaution for any such issues in the future, you can turn on Find My Mobile from Settings > Biometrics and Security > Find My Mobile.

Source:
1. Samsung rolls out hotfix for One UI 2.0 Beta after update locks out users (via Neowin)
2. Critical Galaxy S10 Android 10 beta update out, fixes device lock issue (via SamMobile)