Security flaw in D-Link Wi-Fi products exposes 400,000 devices

It takes only a single line of code to hijack over 400,000 vulnerable D-Link devices.
Written by Charlie Osborne, Contributing Writer

A serious security flaw has been discovered in D-Link networked products which leaves users open to attack.

The stack overflow issue gives attackers the opportunity to overwrite administrator passwords in home Wi-Fi cameras, placing users at risk of being spied upon. The remote execution flaw not only allows an attacker to set their own custom password to access devices but also to add new users with admin access to the interface, download malicious firmware or reconfigure products as they please.

The Senrio research team revealed their findings on Wednesday. In a blog post, the firm said the vulnerability lies within the latest firmware update issued to the D-Link DCS-930L Network Cloud Camera, and is caused by a stack overflow problem in a service which processes remote commands.

As a result, an attacker need only add a single line of code to compromise a device.

"The vulnerable function copies data from an incoming string to a stack buffer, overwriting the return address of the function," Senrio says.

"This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow. The function first copies the assembly code to a hard-set, executable, address. Next, the command triggers the stack overflow and sets the value of the function's return address to the address of the attacker's assembly code."
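The copy pattern Senrio describes, shown next to a length-checked version, as an added illustration that is not code from the D-Link firmware or from Senrio. The function names, the 32-byte buffer size and the command strings are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define ARG_BUF_SIZE 32  /* constructed size, not the firmware's */

enum cmd_status { CMD_OK = 0, CMD_REJECTED = -1 };

/* Pattern the quote describes: the copy stops only at the input's NUL,
 * so input longer than the buffer runs past it toward the saved return
 * address. Shown for comparison; never called here. */
int handle_command_unsafe(const char *input)
{
    char arg[ARG_BUF_SIZE];
    strcpy(arg, input);                  /* no length check */
    return arg[0] != '\0' ? CMD_OK : CMD_REJECTED;
}

/* Copy len bytes into dst only if they fit together with a terminator. */
static int copy_bounded(char *dst, size_t dst_size,
                        const char *src, size_t len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return CMD_REJECTED;
    if (len >= dst_size)                 /* leave room for the NUL */
        return CMD_REJECTED;
    if (memchr(src, '\0', len) != NULL)  /* embedded NUL: malformed */
        return CMD_REJECTED;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return CMD_OK;
}

/* Hardened handler: takes the received length explicitly and rejects
 * oversized input instead of truncating or overflowing. */
int handle_command_checked(const char *input, size_t input_len)
{
    char arg[ARG_BUF_SIZE];
    if (copy_bounded(arg, sizeof arg, input, input_len) != CMD_OK)
        return CMD_REJECTED;
    return arg[0] != '\0' ? CMD_OK : CMD_REJECTED;
}
```

Rejecting oversized input outright, rather than silently truncating it, also gives the service a clear event to log when a malformed command arrives.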

In total, five cameras in the D-Link product line are vulnerable to this flaw, but the vulnerability "points to a bigger issue of poorly written firmware components used in cheap Systems on Chips (SoCs)," according to Senrio.

Because the vulnerable code is reused across products, the researchers' further investigation with the Internet of Things (IoT) search engine Shodan found that roughly 415,000 devices are open to the web and vulnerable to attack.

Over 120 products are recorded as open, including routers, modems, access points and storage products.

Senrio said:

"Adoption [of IoT devices] is driven by business rationale but the security exposure is often overlooked.

The techniques used to find the WiFi Camera vulnerability are also used to identify vulnerabilities in medical and industrial devices used in hospitals, nuclear power plants, and factories. And often those devices receive just as little security scrutiny as this webcam."

A D-Link spokesman told ZDNet:

"D-Link is fully aware of this report of a stack overflow in one of our camera's remote commands and we are taking this report very seriously.

Since being alerted, we have been carefully investigating all the information sent to us from the source of the report. At this time, there is suspicion that it may be pointing to a past issue that's already been dealt with. We are continuing to investigate further and will do what's necessary to keep our cameras safe.

As a rule of thumb, we advise customers to once again review their devices and check they are all running on the latest firmware as well as change their passwords regularly."
