400000 D-Link devices vulnerable to zero-day flaw2016-07-11 03:18 by Daniela
Tags: D-Link, DCS-930L
Security researchers warn of a serious stack overflow vulnerability in a number of devices from D-Link. Initially, it was revealed that there is a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera.
Now, it turned out that the firmware used for that camera has been used across multiple products, which means that the vulnerability affects more than 120 models, including cameras, routers, access points, modems, and storage devices.
"It is the result of a stack overflow in a service that processes remote commands," researchers from Senrio warned last month. "This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow."
Patches are yet unavailable despite indications from D-Link to Senrio that they would be ready July 1. D-Link is expected to issue a fix next week.
Read more -here-