D-Link Forums

D-Link FAQ => Network Camera FAQ => Archive => Topic started by: JavaLawyer on February 25, 2014, 03:02:15 PM

Title: Network Cameras - Security Patch for Select Cloud Camera Models [2/25/2014]
Post by: JavaLawyer on February 25, 2014, 03:02:15 PM
Overview

The DCS-930L, DCS-931L, DCS-932L, DCS-933L, DCS-2330L, DCS-2332L, DCS-2136L, DCS-5010L, DCS-5020L, and DCS-5222L have been found to keep there SSL certificate used to communicate with the mobile application and mydlink cloud service.  It was reported to D-Link and confirmed that this is an inappropriate implementation for these devices and must be corrected.

General Disclosure

Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.  We will continue to update this page to include the relevant product firmware updates addressing these concerns. In the meantime, you can exercise the below cautions to avoid unwanted intrusion into your D-Link router.

Details


Download Firmware


mydlink Users

mydlink account users who install this security patch on their Cloud camera may be prompted through the mydink.com website or mydlink mobile app to upgrade their Cloud camera firmware. Please disregard this upgrade notice as agreeing to the upgrade may re-install the last available pre-patch firmware version. Due to the urgency of addressing this security concern, this latest firmware was released to the general public prior to being certified within the mydlink service, which does not presently recognize the security patch as the most current official version. D-Link is actively working towards resolving this issue.

Security patch for your D-Link cameras

These firmware updates address the security vulnerabilities in affected D-Link cameras. D-Link will update this continually and we strongly recommend all users to install the relevant updates.

Original Notice

DCS-820L/930L/931L/932L/933L/2330L/2332L/2136L/5010L/5020L/5222L - Persistent SSL certificate from software upgrade or factory reset (http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10010)