The flaw allows unauthorized users to gain access to the video stream.
Company D-Link has released updates that fixes vulnerabilities in routers 5 and 8 IP-cameras. Experts point out that gaps in the software routers resemble vulnerabilities that were previously eliminated in the other models, but the cameras found dangerous, previously unknown vulnerabilities, which proved to be quite an unpleasant surprise for developers – vulnerability allows unauthorized viewers to intercept the video stream from the camera or from ASCII-output.
Vulnerabilities in IP-cameras have been discovered by researchers Core Security. According to the notification experts found several methods used by unauthorized intruders to gain access to the flow chamber, where the use of HTTP or RTSP-flow and even ASCII-animation. In addition, teams can be entered using the web-camera interface, and using the credentials to access the firmware, which allows an attacker to actually create a backdoor.
Core Security experts say that notified the representatives of the D-Link about finding vulnerabilities in mid-March of this year.
According to the manufacturer, released update addresses the vulnerabilities in all sold or previously sold products in the UK.
