400,000 D-Link Devices Vulnerable To Zero-Day Flaw

Tom Jowitt,
vulnerability

Security researchers warn of a serious stack overflow vulnerability in a number of devices from D-Link

Security researchers Senrio have uncovered a serious flaw that affects a range of devices from D-Link, including routers and webcams.

The researchers uncovered the flaw last month, but have warned that the Taiwanese firm has yet to patch the stack overflow vulnerability that can allow for remote code execution.

Firmware Vulnerability

The Senrio research team had initially discovered a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera. This is a Wi-Fi-enabled camera that allows the users to control it via a smartphone app, so it can act as a remote baby or pet monitor for example.

“It is the result of a stack overflow in a service that processes remote commands,” they warned last month. “This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow.”

security vulnerability Shutterstock - © Andy Dean Photography“The bug is likely not confined to a single model but prevalent in other products using the same sub-system,” the researchers said at the time. “So far, the research team has confirmed five cameras in the D-Link product line that are vulnerable. This vulnerability points to a bigger issue of poorly written firmware components used in cheap Systems on Chips (SoCs).”

But one month later it turns out that D-Link has still to patch the flaw, and the vulnerability actually affects more than 120 device models from the company, including cameras, routers, access points, modems and storage devices.

Using the Shodan search engine, the Senrio researchers have identified 414,949 D-Link devices that expose a web interface to the internet.

Other Flaws

This is not the first time that D-Link products have been found to contain serious security vulnerabilities.

In 2013 US firm Core Security found firmware flaws in a range of IP cameras, including a number of models made by D-Link.

It should noted however that vulnerabilities can affect many companies, including the likes of Apple.

Earlier this week for example, a particularly dangerous piece of OS X malware was discovered by Bitdefender, that could give attackers full access to a compromised Apple Mac and its webcam.

Are you a security expert? Try our quiz!