400,000 D-Link Devices Vulnerable To Zero-Day Flaw

Security researchers at Senrio have uncovered a serious flaw that affects a range of devices from D-Link, including routers and webcams.

The researchers uncovered the flaw last month, but have warned that the Taiwanese firm has yet to patch the stack overflow vulnerability that can allow for remote code execution.

Firmware Vulnerability

The Senrio research team had initially discovered a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera. This is a Wi-Fi-enabled camera that users can control via a smartphone app, so it can act as a remote baby or pet monitor, for example.

“It is the result of a stack overflow in a service that processes remote commands,” they warned last month. “This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow.”

“The bug is likely not confined to a single model but prevalent in other products using the same sub-system,” the researchers said at the time. “So far, the research team has confirmed five cameras in the D-Link product line that are vulnerable. This vulnerability points to a bigger issue of poorly written firmware components used in cheap Systems on Chips (SoCs).”

But one month later, it turns out that D-Link has yet to patch the flaw, and that the vulnerability actually affects more than 120 device models from the company, including cameras, routers, access points, modems and storage devices.

Using the Shodan search engine, the Senrio researchers have identified 414,949 D-Link devices that expose a web interface to the internet.

Other Flaws

This is not the first time that D-Link products have been found to contain serious security vulnerabilities.

In 2013 US firm Core Security found firmware flaws in a range of IP cameras, including a number of models made by D-Link.

It should be noted, however, that vulnerabilities can affect many companies, including the likes of Apple.

Earlier this week, for example, Bitdefender discovered a particularly dangerous piece of OS X malware that could give attackers full access to a compromised Apple Mac and its webcam.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
