D-Link Forums
The Graveyard - Products No Longer Supported => IP Cameras => DCS-942L => Topic started by: Dopey on January 25, 2013, 08:06:19 AM
-
Author Jason Doyle reported to D-Link an exploit that allows a hacker to easily obtain the administrator password a DCS camera. I won't post any links here for obvious reasons.
The existence of this exploit is extremely troubling. However, the fact that D-Link have known about it, at least since it was reported on June 14, 2012, and done nothing to address it is unconscionable.
When will D-Link issue an update to correct the severe flaw in their products?
-
I'm interested in this too. I have two other beefs:
1. No SSL support ANYWHERE, so your admin password is always ready to be sniffed.
2. By default, the video streams don't have any password, so you can just point a video player at the camera using rtsp://camera.ip/play{1,2,3,4}sdp and watch the stream with no password.
-
I'm interested in this too. I have two other beefs:
1. No SSL support ANYWHERE, so your admin password is always ready to be sniffed.
2. By default, the video streams don't have any password, so you can just point a video player at the camera using rtsp://camera.ip/play{1,2,3,4}sdp and watch the stream with no password.
No need to try to sniff anything. Try guest/guest password.
-
No need to try to sniff anything. Try guest/guest password.
I think that's for a particular model isn't it? I heard one one them creates a default guest account that many people don't notice.(I thought it could be deleted though from my understanding)
They are talking about this CVE-2012-4046 I think here. Which, is an issue with the whole setup process and combined with poor network security enables someone to connect to the camera.