Vulnerability impacts 400,000 D-Link devices

Vulnerable web camera code discovered by researchers last month was reused across D-Link's product lines, affecting more than 120 products and 400,000 individual devices.

The pre-authentication flaw, discovered by Senrio security researchers, was initially found in the D-Link DCS-930L, a remotely controlled wireless IP surveillance camera. The stack overflow vulnerability allows remote code execution on the device.

The researchers discovered that the software component appeared across the company's product lines, although it initially appeared that some of the products did not utilise the software component in the default settings.

However, this estimation unfortunately proved to be overoptimistic.

D-Link conducted its own analysis of the company's network routers, IoT devices, and home security devices and informed Senrio that more than 120 devices are affected.

“It constitutes a fairly sizable portion of their product line,” said Stephen A. Ridley, CTO and founder at Senrio.

The Taiwanese vendor has not yet released a patch for the flaw.

In January, Vectra Networks hacked D-Link's consumer-grade wi-fi webcam and used the camera to create a persistent access point into corporate networks.

“While the thought of strangers watching your sleeping baby is disturbing, the implications for enterprise and infrastructure environments are downright scary,” the Senrio blog post noted in June.

Manufacturers often opt to reuse firmware code across products to create cost savings and cut development time. However, code reuse can make it easier for attackers to exploit a small firmware component to launch attacks against multiple products.

The problem is especially dangerous in medical device and industrial control components, according to Ridley.

“Code reuse is vulnerability reuse,” he said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition