Security company Core Security informed of serious vulnerabilities found in IP cameras. Revealed deficiencies relating to products from D-Link and allow potential attackers to capture online video stream without knowing the data.
List of Threatened equipment: DCS-3411/3430 - v1.02, DCS-5605/5635 - v1.01, DCS-1100L/1130L - v1.04, DCS-1100/1130 - v1.03, DCS-1100/1130 - v1.04_US, DCS-2102/2121 - v1.05_RU, DCS-2102/2121 - v1.06, DCS-2102/2121 - v1.06_FR, TESCO DCS-2102/2121 - v1.05_TESCO, DCS-3410 - v1 .02, DCS-5230 - v1.02, DCS-5230L - v1.02, DCS-6410 - v1.00, DCS-7410 - v1.00, ribershop DCS-7510 - v1.00, WCS-1100 - v1.02
The company Core Security specializes in providing security solutions for businesses and government organizations. In recent days, released details of the five errors that are found in the firmware multiple IP cameras from D-Link. All discovered ribershop security holes can be used remotely via the Internet.
The first error allows an attacker without having to log, execute arbitrary commands via a web interface ribershop IP cameras. Two more errors allow access to online stream without ribershop having to enter credentials. To start the video just write into your browser address in the form "http://xxx.xxx.xxx.xxx/upnp/asf-mp4.asf" and then start the video stream. The same principle can be viewed online stream of ASCII code. Again, ribershop there is no need for any special verification, you only need to enter the special ribershop address "http://xxx.xxx.xxx.xxx/md/lums.cgi".
The fourth security flaw allows an attacker to modify the web interface IP cameras and add to it any commands. The last of the errors concern the RTSP service, ribershop which includes fixed specified credentials. These data are intended for example for service purposes and can be exploited to bypass the login process.
Security vulnerabilities, including the technical details have been duly notified of D-Link in mid-March During April the company has informed ribershop that the necessary patches are ready and will be published on the official website in a few days. Firmware update can find on these pages company.
It is worth mentioning specific models (D-Link DCS-5605 DCS-5635 respectively), which contain the aforementioned security holes. ribershop They are marketed as ideal devices for deployment in hospitals, ribershop banks, and other institutions. It is through such unsecured IP cameras placed as banks, the attackers could get to the interesting information.
Re: D-Link and TP-Link are purely Chinese company ... Chinese 6 5 2013 13:25 Re: D-Link and TP-Link ribershop are purely Chinese company ... GFX_VGA 4 5 2013 22:44 Re: D-Link and TP-Link are purely Chinese company ... xxx 4 5 2013 20:37 D-Link and TP-Link are purely Chinese companies also ... GFX_VGA 3 5 2013 16:39
RTVS promises and Ultra HD broadcasts, extensive leakage card details, Chrome OS penetrates to other devices. An overview of the week.
All Tags
No comments:
Post a Comment