D-Link released updates addressing vulnerabilities in 5 models of routers and 8 models of IP-cameras. Security experts state that bugs in routers’ software resemble vulnerabilities that were previously patched, while flaws discovered in cameras were marked as dangerous. The bug allowed unauthenticated users to gain access to the video stream via camera or ASCII-output.
Researchers at Core Security discovered vulnerabilities in IP-cameras. According to the security experts’ advisory, they managed to find several methods used by unauthenticated users to gain access to camera stream, among which are using HTTP or RTSP-flows and even ASCII-animation. Moreover, the commands may be executed through the web-camera interface, as well as by using the hard-coded credentials to access the firmware. That, in turn, allows attackers to create a backdoor.
Core Security experts say that they notified the representatives of D-Link about discovering vulnerabilities in mid-March this year.
According to the manufacturer, released update addresses the vulnerabilities in all products sold and being sold in the UK.
