400,000 D-Link Devices Vulnerable To Zero-Day Flaw

Security researchers at Senrio have uncovered a serious flaw that affects a range of devices from D-Link, including routers and webcams.

The researchers uncovered the flaw last month, but have warned that the Taiwanese firm has yet to patch the stack overflow vulnerability that can allow for remote code execution.

Firmware Vulnerability

The Senrio research team initially discovered a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera. This is a Wi-Fi-enabled camera that users control via a smartphone app, so it can act as a remote baby or pet monitor, for example.

“It is the result of a stack overflow in a service that processes remote commands,” they warned last month. “This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow.”

“The bug is likely not confined to a single model but prevalent in other products using the same sub-system,” the researchers said at the time. “So far, the research team has confirmed five cameras in the D-Link product line that are vulnerable. This vulnerability points to a bigger issue of poorly written firmware components used in cheap Systems on Chips (SoCs).”

But one month later, it turns out that D-Link has yet to patch the flaw, and that the vulnerability actually affects more than 120 device models from the company, including cameras, routers, access points, modems and storage devices.

Using the Shodan search engine, the Senrio researchers have identified 414,949 D-Link devices that expose a web interface to the internet.

Other Flaws

This is not the first time that D-Link products have been found to contain serious security vulnerabilities.

In 2013, US firm Core Security found firmware flaws in a range of IP cameras, including a number of models made by D-Link.

It should be noted, however, that vulnerabilities can affect many companies, including the likes of Apple.

Earlier this week, for example, Bitdefender discovered a particularly dangerous piece of OS X malware that could give attackers full access to a compromised Apple Mac and its webcam.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
