Code reuse exposes over 120 D-Link devices models to hacking
A recently discovered vulnerability in a D-Link network camera that allows attackers to remotely take over the device also exists in more than 120 other D-Link products. The vulnerability was initially discovered a month ago by researchers from security start-up firm Senrio in D-Link DCS-930L, a Wi-Fi enabled camera that can be controlled remotely through a smartphone app. The flaw, a stack overflow, is located in a firmware service called dcp, which listens to commands on port 5978. Attackers can trigger the overflow by sending specifically crafted commands and then can execute rogue code on the system. The Senrio researchers used the flaw to silently change the administrator password for the Web-based management interface, but it could also be used to install malware on the device.
Jul-7-2016, 14:30:45 GMT