Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

D-Link patches yet more vulns


  • Please log in to reply
No replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:06:08 AM

Posted 18 March 2015 - 01:58 AM


 

D-Link is moving to patch a bunch of vulnerabilities in consumer products, which almost certainly means that most users either won't know the patch is happening or won't run the update.


 

The first CERT advisory, here, covers DCS-93 series network cameras (models 930L, 931L, 932L and 933L using version 1.04 2014-04-21 of the company's firmware). Vulnerable devices allow remote attackers to upload arbitrary files to locations of their own choice on the device, as well as remotely executing arbitrary code.

DAP-1320 wireless range extenders are subject to an ancient vulnerability, CWE-78 (here), allowing attackers to execute “dangerous commands directly on the operating system”.

The CERT advisory notes the exploit uses the firmware update mechanism, and while the vuln is only confirmed on version 1.11 released in December 2013, “other firmware versions prior to version 1.21b05 may also be vulnerable”.

The vulnerabilities were turned up by Tangible Security.

http://www.theregister.co.uk/2015/03/18/dlink_patches_yet_more_vulns/

 

which almost certainly means that most users either won't know the patch is happening or won't run the update.



BC AdBot (Login to Remove)

 


m



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users