D-Link products are vulnerable

    D-Link is a global manufacturer of network and telecommunications equipment. Initially, the name sounded like Datex Systems, but in 1994 it was changed to the now-known D-Link Corporation, a pioneer company among telecommunications companies. Currently engaged in the production of Ethernet communicators, Wi-Fi standard wireless equipment, xDSL family devices, IP cameras, environment converters, routers, firewalls, network adapters, VoIP equipment, print servers, KVM switches, modems, NAS, SAN drives , as well as equipment GEPON.

    In June, a vulnerability was discovered in the latest firmware version of the D-Link DCS-930L wireless cloud camera; Senrio's experts exploited this vulnerability,
    which, as it turned out, allows you to remotely execute the code, with its help it is possible to set a password to log into the web interface. An attacker can control the camera by sending special commands and receiving remote access to the video from the camera. D-Link DCS-930L is a home and office surveillance camera, can work with network devices via standard Ethernet 10/100, connecting with a twisted pair with a router, and via Wi-Fi, n-mode ideally provides up to 150 Mbps /with. All types of encryption are supported.

    This vulnerability is characteristic of more than 120 D-Link products, including cameras, access points, modems, routers, and data storage devices. The vulnerability is found in the dcp firmware component, which processes remote commands, listening on port 5978. The dcp service is an integral part of the module that connects the device to the mydlink service.

    The search engine Shodan helped Senrio experts discover more than 400,000 D-Link devices available via the Internet. According to calculations, 55 thousand of them are DCS-930L cameras, and vulnerable firmware is installed on 14 thousand.

    Such vulnerabilities can create a botnet from “Internet of Things” devices, as an example is the LizardStresser botnet, which works on the basis of IoT devices and is used to implement powerful DDoS attacks. LizardStresser was created not so long ago by the Lizard Squad group, attacks were mainly directed at IoT devices using default passwords used on a large number of devices. Recently, a new wave of attacks from the DDoS-botnet LizardStresser, which consists of hundreds of video cameras available from the Internet, was noticed.

    Major Brazilian banks and telecommunications companies, government agencies and US gaming web services were previously subject to attacks by this group. The source codes of this tool were laid out in open access in 2015, and did not go unnoticed, a criminal group was organized, which tried to build its botnet. In June, experts counted more than a hundred of LizardStresser command servers, 1,300 webcams, from which attacks of up to 400 Gbit / s are conducted.

    Also popular now: