Remote code execution flaw affects more than 120 D-Link models and 400,000 users
A recently discovered vulnerability in a D-Link network camera that allows attackers to remotely take over the device also exists in more than 120 other D-Link products. The high-risk vulnerability can allow attackers to take over cameras, routers, and other D-Link products.
Security researchers from Senrio had earlier discovered this high-risk vulnerability in the D-Link DCS-930L, a Wi-Fi enabled camera that can be controlled remotely through a smartphone app. In June, Senrio briefly described the issue on its company blog, where it demonstrated a PoC that used custom tools to take over the Wi-Fi enabled camera.
“The vulnerability allows code injection which lets the attacker set a custom password, granting remote access to the camera feed. Thus, even if users create a strong password, this type of exploit can override it. Instead of setting a new password as the exploit, an attacker could just as easily add a new user with administrator access, download firmware or otherwise reconfigure this device,” June’s post explained.
According to the researchers, the flaw is a stack overflow located in the DCP service, which listens for commands on port 5978. The researchers found that, with the right tools, an attacker can trigger the overflow by sending specially crafted commands and then execute rogue code on the system. Once in control of the system, the attacker can change the admin credentials without the victim’s knowledge and can also install malware on the device.
As it turns out, D-Link uses the DCP service in almost all its products to connect to its mydlink service. This is the cloud-based service that allows users to control their devices from outside their networks through a smartphone app, and it is used by almost 120 other D-Link products, putting them at equal risk.
This puts buyers of D-Link products at risk, and there are a lot of them. According to Shodan.io, there are 414,949 publicly accessible devices impacted by this vulnerability. A Shodan search for the DCS-930L alone returned 55,000 susceptible Wi-Fi enabled cameras. Imagine hackers installing malware on your Wi-Fi enabled D-Link cameras to steal your private and personal images.
D-Link said that it will be coming up with a patch soon. D-Link also said that older D-Link models will need to be pulled from the Internet altogether, or the owners of said devices will need to accept the risk.