A month ago, the Senrio research team discovered and exploited a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera.
The vulnerability allows code injection which lets the attackers set a custom password for the Web-based management interface and allows the remote access to the camera feed by sending specifically crafted commands.
Further investigation on the vulnerability revealed that the same issue exists in more than 120 other D-Link products, including cameras, access points, modems, routers, and storage devices.
The flaw resides in a firmware service called dcp that processes remote commands by listening on port 5978.
The dcp service is a component of the module that connects the device with the mydlink D-Link service that allows users to control their devices from outside their networks through a smartphone app.
How many D-Link devices are affected by the flaw?
Using the popular Shodan search engine, the researchers at Senrio firm have spotted over 400,000 D-Link products exposed on the web, most of them are webcams.
At the time I was writing we have no news regarding the exact number of vulnerable devices because D-Link still hasn’t published a list of affected models.
The experts estimated that there are roughly 55,000 D-Link DCS-930L cameras exposed on the Internet, and over 14,000 of them were running the flawed firmware version.
Such kind of flaws could be exploited by hackers to recruit IoT devices in botnet used for illegal activities. Recently, researchers from Arbor Networks reported that the Lizardsquad’s botnet ( known as LizardStresser) is now leveraging on the Internet of Things devices.
Another interesting case was spotted by experts from Sucuri have discovered a large botnet of compromised CCTV devices used by crooks to launch DDoS attacks in the wild.
[adrotate banner=”9″]
(Security Affairs –D-Link DCS-930L camera, IoT)
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.