A month ago, the Senrio research team discovered and exploited a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera.
The vulnerability allows code injection which lets the attackers set a custom password for the Web-based management interface and allows the remote access to the camera feed by sending specifically crafted commands.
Further investigation on the vulnerability revealed that the same issue exists in more than 120 other D-Link products, including cameras, access points, modems, routers, and storage devices.
The flaw resides in a firmware service called dcp that processes remote commands by listening on port 5978.
The dcp service is a component of the module that connects the device with the mydlink D-Link service that allows users to control their devices from outside their networks through a smartphone app.
How many D-Link devices are affected by the flaw?
Using the popular Shodan search engine, the researchers at Senrio firm have spotted over 400,000 D-Link products exposed on the web, most of them are webcams.
At the time I was writing we have no news regarding the exact number of vulnerable devices because D-Link still hasn’t published a list of affected models.
The experts estimated that there are roughly 55,000 D-Link DCS-930L cameras exposed on the Internet, and over 14,000 of them were running the flawed firmware version.
Such kind of flaws could be exploited by hackers to recruit IoT devices in botnet used for illegal activities. Recently, researchers from Arbor Networks reported that the Lizardsquad’s botnet ( known as LizardStresser) is now leveraging on the Internet of Things devices.
Another interesting case was spotted by experts from Sucuri have discovered a large botnet of compromised CCTV devices used by crooks to launch DDoS attacks in the wild.
(Security Affairs –D-Link DCS-930L camera, IoT)