A flaw in the D-LINK WI-FI camera affects more than 120 products

Pierluigi Paganini July 08, 2016

A vulnerability in the firmware running on many D-Link products allows attackers to take over cameras and other 120 products.

A month ago, the Senrio research team discovered and exploited a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera.

D-Link DCS-930L camera

The vulnerability allows code injection which lets the attackers set a custom password for the Web-based management interface and allows the remote access to the camera feed by sending specifically crafted commands.

Further investigation on the vulnerability revealed that the same issue exists in more than 120 other D-Link products, including cameras, access points, modems, routers, and storage devices.

The flaw resides in a firmware service called dcp that processes remote commands by listening on port 5978.

The dcp service is a component of the module that connects the device with the mydlink D-Link service that allows users to control their devices from outside their networks through a smartphone app.

How many D-Link devices are affected by the flaw?

Using the popular Shodan search engine, the researchers at Senrio firm have spotted over 400,000 D-Link products exposed on the web, most of them are webcams.

At the time I was writing we have no news regarding the exact number of vulnerable devices because D-Link still hasn’t published a list of affected models.

The experts estimated that there are roughly 55,000 D-Link DCS-930L cameras exposed on the Internet, and over 14,000 of them were running the flawed firmware version.

Such kind of flaws could be exploited by hackers to recruit IoT devices in botnet used for illegal activities. Recently, researchers from Arbor Networks reported that the Lizardsquad’s botnet ( known as LizardStresser) is now leveraging on the Internet of Things devices.

Another interesting case was spotted by experts from Sucuri have discovered a large botnet of compromised CCTV devices used by crooks to launch DDoS attacks in the wild.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –D-Link DCS-930L camera, IoT)

you might also like

leave a comment