14 DAY TRIAL // Experts from Core Security have identified several vulnerabilities in D-Link IP cameras that can be exploited by cybercriminals for various purposes.
The list of vulnerabilities includes OS command injection, authentication flaws, information leakage, and the use of hard-coded credentials.
These security holes can be leveraged to execute arbitrary commands from the administration web interface, bypass RTSP authentication by using the hard-coded credentials, access the video stream via HTTP, access the stream via RTSP, or capture the ASCII video stream via image luminance.
Over one dozen models have been appointed by the security firm as containing the buggy firmware, but other devices might also be impacted.
Despite the fact that Core and D-Link have had some run-ins, on April 25, the vendor informed the security company that the patches were ready. D-Link said it would be making them available on its website over the next few days.
Check out the complete list of affected devices. If your camera is on it, keep an eye on D-Link’s website and update your firmware as soon as the patch becomes available.