Code reuse exposes over 120 D-Link devices models to hacking
A recently discovered vulnerability in a D-Link network camera that allows attackers to remotely take over the device also exists in more than 120 other D-Link products.
The vulnerability was initially discovered a month ago by researchers from security start-up firm Senrio in D-Link DCS-930L, a Wi-Fi enabled camera that can be controlled remotely through a smartphone app.
The flaw, a stack overflow, is located in a firmware service called dcp, which listens to commands on port 5978. Attackers can trigger the overflow by sending specifically crafted commands and then can execute rogue code on the system.