• November 04, 2024, 06:36:19 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Network Cameras - Security Patch for Select Cloud Camera Models [2/25/2014]  (Read 21367 times)

JavaLawyer

  • BETA Tester
  • Level 15 Member
  • *
  • Posts: 12190
  • D-Link Global Forum Moderator
    • FoundFootageCritic

Overview

The DCS-930L, DCS-931L, DCS-932L, DCS-933L, DCS-2330L, DCS-2332L, DCS-2136L, DCS-5010L, DCS-5020L, and DCS-5222L have been found to keep there SSL certificate used to communicate with the mobile application and mydlink cloud service.  It was reported to D-Link and confirmed that this is an inappropriate implementation for these devices and must be corrected.

General Disclosure

Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.  We will continue to update this page to include the relevant product firmware updates addressing these concerns. In the meantime, you can exercise the below cautions to avoid unwanted intrusion into your D-Link router.

Details

  • When camera does not have feature, upgrade to a f/w with SSL certificate, it will automatically create a self signed cert (regenerated)
  • When camera upgrades with a f/w with cert. (f/w with SSL certificate automatically self signed), the SSL certificate wll automatically create a new self-signed cert (regenerate)
  • When camera is factory reset, the camera will automatically create a new self-signed SSL certificate

Download Firmware


mydlink Users

mydlink account users who install this security patch on their Cloud camera may be prompted through the mydink.com website or mydlink mobile app to upgrade their Cloud camera firmware. Please disregard this upgrade notice as agreeing to the upgrade may re-install the last available pre-patch firmware version. Due to the urgency of addressing this security concern, this latest firmware was released to the general public prior to being certified within the mydlink service, which does not presently recognize the security patch as the most current official version. D-Link is actively working towards resolving this issue.

Security patch for your D-Link cameras

These firmware updates address the security vulnerabilities in affected D-Link cameras. D-Link will update this continually and we strongly recommend all users to install the relevant updates.

Original Notice

DCS-820L/930L/931L/932L/933L/2330L/2332L/2136L/5010L/5020L/5222L - Persistent SSL certificate from software upgrade or factory reset
« Last Edit: December 18, 2014, 03:42:29 PM by JavaLawyer »
Logged
Find answers here: D-Link ShareCenter FAQ I D-Link Network Camera FAQ
There's no such thing as too many backups FFC