D-Link Forums

The Graveyard - Products No Longer Supported => IP Cameras => DCS-5020L => Topic started by: pish180 on July 29, 2013, 12:41:32 PM

Title: Security for the Security Cam DCS-5020L
Post by: pish180 on July 29, 2013, 12:41:32 PM

Perhaps I'm expecting a bit much but why is the security of this firmware so poor? It's a security camera which should be secure...? 

My gripes:
You can't specifically use HTTPS and disable HTTP. 
Where is the SSH support? ... Telnet, who uses telnet still, it's 2013 we use encryption now?
I ran a scan against the device and it has several high ports open, not sure why... 
Can you change the logon message prompt?  It displays: "The Server <YOURHOSTNAME.COM> at DCS-5020L requires a username or password.  Anybody can look up the model number and find the default username/password (which you can't disable in the firmware).

Title: Re: Security for the Security Cam DCS-5020L
Post by: RoughRiver on July 30, 2013, 08:49:09 AM

I'm with you on this. There are several security related issues in the Wishlist (http://forums.dlink.com/index.php?topic=54815.0). Add any missing content to that thread - it can only help our common cause.

As you state, the built-in admin account can't be disabled, but of course, the password can be changed. Still, not as good as being able to disable the account entirely.

Title: Re: Security for the Security Cam DCS-5020L
Post by: pish180 on August 02, 2013, 08:08:48 AM

I'll try to get my list of things together.. Knowing Dlink though... I'm in doubt that they will actually release another firmware to fix this.  Not sure what the EOL is on this unit but I think their security camera's have rather quick EOL (end of life) due to new rapidly developing hardware and designs.