It is currently 22-10-2017 22:11

More than a hundred models of cameras, routers, and other devices D-Link have a dangerous vulnerability

More than a hundred models of cameras, routers, and other devices D-Link have a dangerous vulnerability

by seo_worker » 2016-07-11 08:51:07



The June story about a vulnerability in wireless camera D-Link has been developed. The manufacturer confirmed that the same hole is present in firmware 120 or more cameras, routers, and other its devices. While hundreds of thousands of potentially vulnerable devices D-Link is connected to the Internet and are not protected from attacks.

About a month ago, the company Senrio has discovered a vulnerability in D-Link camera DCS-930L used for surveillance in house or office. It turned out that in the analysis of remote commands received via the port 5978, it may cause a buffer overflow. In the result, the result string will be written on top of the call stack.

For eksluatatsii vulnerability is enough to send the camera in a special way formed team that includes Assembly code and a string that will overflow the buffer and place on the stack the address of this code.

Experts Senrio demonstrated the threat posed by the vulnerability, changing with it the admin password from the web interface of the camera. They warn that with the same success for the device it would be possible to install malware.

Already then experts noticed that the same vulnerability may be affected and other devices D-Link. And so it proved.

The bug that causes a buffer overflow lurking in the component firmware called dcp. This component is responsible for interaction with an online service mydlink, allowing you to control devices over the Internet or via a smartphone app.

Uses Mydlink D-Link DCS-930L, but many other devices from the same manufacturer. The firmware of most of them includes dcp, dcp and if there is — there is his vulnerability. Assessment of D-Link, the problem affects more than 120 models of wireless cameras, routers, access points, modems and drives that the company produces.

With the help of service experts Shodan Senrio identified
about 55 thousand cameras D-Link DCS-930L connected to the Internet. The vulnerability was discovered in four of them. The total number of devices D-Link is even higher — it is, according Senrio, exceeds 400 thousand. While the manufacturer has not published the results of the investigation, it remains unclear which ones are vulnerable and which are not, but the situation can be very serious.
seo_worker
moderators
Сообщений: 755
Депозит: 0.005 BTC

Rating: 2