D-Link publishes beta patches for IP surveillance camera vulnerabilities

D-Link said patches are for those who want to manually update their camera's firmware ahead of next month's full release

D-Link has published beta patches for vulnerabilities in the firmware of many of its IP surveillance cameras, which could allow a hacker to intercept a video stream.

The company said on its support forum that it will publish a full release of the upgraded firmware within a month. Some of D-Link's consumer IP cameras in its Cloud product line will automatically receive the updates.

[ Also on InfoWorld: D-Link firmware flaws could allow IP video stream spying. | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

"We are releasing beta firmware with the security patch for customers who want to manually update their cameras immediately," a D-Link administrator wrote on the company's support forum.

The administrator also posted instructions for how to upgrade the firmware. Users should not upgrade over a wireless connection, as an error could break the camera.

Identical notices were published on the pages for other affected products. The updates come after Core Security published on Monday details of five vulnerabilities in D-Link's firmware, which is used in more than a dozen of its products.

D-Link's IP video cameras can take stills and record video and can be managed through web-based control panels or mobile devices. Core found a range of problems, including hard-coded credentials and authentication issues that could allow an attacker access via the RTSP (real time streaming protocol).

The technical details were posted in the Full Disclosure section of Seclists.org. Some of the products have been phased out by D-Link, according to the company's website.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies