CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Network Security

Serious Vulnerability Affects Over 120 D-Link Products

Software Component Reuse Brings Vulnerabilities To Entire Product Lines

Software Component Reuse Brings Vulnerabilities To Entire Product Lines

A vulnerability affecting D-Link Wi-Fi cameras, disclosed by researchers in June, has been found to affect more than 120 of the company’s products. Experts identified nearly half a million potentially vulnerable devices accessible over the Internet.

IoT security startup Senrio reported last month that it had identified a stack overflow in D-Link’s popular DCS-930L Wi-Fi cameras. Researchers said the vulnerability can be exploited by a remote attacker for arbitrary code execution, including to overwrite the administrator password of the affected devices.

When it disclosed its existence, Senrio said D-Link had been working on addressing the flaw. The vendor has analyzed the vulnerability and determined that it actually affects more than 120 D-link cameras, access points, routers, modems, storage solutions and connected home products.

The flaw exists in a service responsible for processing remote commands and it can be exploited with a single specially crafted command. Stephen Ridley, researcher and founder of Senrio, told SecurityWeek that while their initial proof-of-concept (PoC) was designed to change the password of a vulnerable device, an attacker could do virtually anything with this flaw, including snoop on network traffic and install backdoors.

According to the expert, the vulnerable code is present in many D-Link products, but each device requires a different exploit.

“The locations of values in memory are different between firmware versions and devices, which affects how a successful exploit for the bug is written,” said Ridley. “An attacker would practically account for this difference in versions/devices by ‘fingerprinting’ a device (e.g. query the device first) and then change the exploit payload based on the target.”

A search conducted with Shodan has shown that there are more than 400,000 potentially vulnerable devices accessible from the Internet, and most of them are located in North America, followed by Europe.

Advertisement. Scroll to continue reading.

Vulnerable D-Link devices

“The D-Link vulnerability found by the Senrio Research team is extremely relevant given the recent news on how webcams were used for a DDoS attack. It is reasonable to expect more of these types of attacks as malicious actors realize how ubiquitous and vulnerable IoT devices are,” said John Matherly, CEO of Shodan.

D-Link plans to patch the vulnerability in each of its products soon – starting with DCS cameras, which account for a majority of affected devices. The company said it will address the issue by removing the command that can trigger the vulnerability.

This is not the first time concern over shared code in IoT devices has been raised. Earlier this year, it was discovered that surveillance cameras sold by more than 70 vendors worldwide were found to be vulnerable to a Remote Code Execution (RCE) vulnerability because of shared firmware code.

In November 2015, a study by IT security consultancy SEC Consult revealed that millions of IoT devices use the same cryptographic secrets, making them vulnerable to various types of malicious attacks. 

“The big takeaway from this is that a single software component gets reused throughout company product lines,” said Ridley. “This is the gospel we’ve been trying to preach especially to the industrial control folks who we see this pattern the most in. They reuse the same vulnerable bits of code from the lower cost stuff all the way through flagship products.”

Ridley will be presenting on additional research at SecurityWeek’s 2016 ICS Cyber Security conference, taking place in Atlanta Oct. 24 -27, 2016.

Related: “Libotr” Library Flaw Exposes Popular IM Apps

Related: Remote Code Execution Flaw Patched in glibc Library

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.