It is currently 22-10-2017 22:06

More than 120 names of products D-Link affected

More than 120 names of products D-Link affected

by sigismund » 2016-07-08 11:47:16


Such vulnerabilities allow you to create a botnet of devices "Internet of things"


Last month the company's experts Senrio found and proekspluatirovat vulnerability in the latest version of firmware wireless cloud camera D-Link DCS-930L that allows you to remotely execute code. Using this vulnerability, an attacker can set your password for logging into the web management interface, and by sending special commands to remotely access the video from the camera.

As shown by further research, this issue affects more than 120 names of products D-Link, including cameras, access points, modems, routers, and storage devices. The vulnerability is present in firmware dcp component that handles remote commands by listening on port 5978. Service dcp is an integral part of the module that connects the device to the mydlink service (allowing users to manage their devices outside the network by using the mobile app).

Using the search engine Shodan experts Senrio found over 400 thousand devices made by D-Link (mostly web-cameras) accessible through the Internet. According to researchers, 55 thousand from them – DCS-930L and vulnerable firmware installed on the 14 th.

Such vulnerabilities allow you to create a botnet of devices "Internet of things". A striking example is botzet LizardStresser, functioning on the basis of IoT devices used to implement powerful DDoS-attacks.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5