A vulnerability in the firmware running on many D-Link products allows attackers to take over cameras and other 120 products.
A month ago, the Senrio research team discovered and exploited a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera.
The vulnerability allows code injection which lets the attackers set a custom password for the Web-based management interface and allows the remote access to the camera feed by sending specifically crafted commands.
Further investigation on the vulnerability revealed that the same issue exists in more than 120 other D-Link products, including cameras, access points, modems, routers, and storage devices.
The flaw resides in a firmware service called dcp that processes remote commands by listening on port 5978.
The dcp service is a component of the module that connects the device with the mydlink D-Link service that allows users to control their devices from outside their networks through a smartphone app.
How many D-Link devices are affected by the flaw?
Using the popular Shodan search engine, the researchers at Senrio firm have spotted over 400,000 D-Link products exposed on the web, most of them are webcams.
At the time I was writing we have no news regarding the exact number of vulnerable devices because D-Link still hasn’t published a list of affected models.
The experts estimated that there are roughly 55,000 D-Link DCS-930L cameras exposed on the Internet, and over 14,000 of them were running the flawed firmware version.
Such kind of flaws could be exploited by hackers to recruit IoT devices in botnet used for illegal activities. Recently, researchers from Arbor Networks reported that the Lizardsquad’s botnet ( known as LizardStresser) is now leveraging on the Internet of Things devices.
Another interesting case was spotted by experts from Sucuri have discovered a large botnet of compromised CCTV devices used by crooks to launch DDoS attacks in the wild.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.