Vulnerability Hits Multiple Products

Tuesday, July 12, 2016 @ 05:07 PM gHale


A severe D-Link cloud camera vulnerability disclosed last month actually affects over 120 other D-Link products because the company’s engineers reused the same vulnerable component across different firmware versions.

A remote code execution (RCE) vulnerability discovered in June in D-Link DCS-930L cameras allowed bad guys to execute arbitrary code, said researchers from Senrio.

To highlight the issue, Senrio created a proof-of-concept exploit that reset the webcam’s password.

In addition to that vulnerability, Stephen Ridley, the security researcher who discovered the problem, said he found the same vulnerable component used in over 120 other D-Link products, ranging from access points and routers to data storage systems and modems.

Because the RCE vulnerability can be exploited over a network connection, any vulnerable D-Link device reachable via a ping is potentially in danger.

Ridley said over 400,000 D-Link products are currently available online.

In response to the latest vulnerability disclosure, D-Link said it will fix all issues.