D-Link has published beta patches for vulnerabilities in the firmware of many of its IP surveillance cameras, which could allow a hacker to intercept a video stream.
The company said on its support forum that it will publish a full release of the upgraded firmware within a month. Some of D-Link’s consumer IP cameras in its Cloud product line will automatically receive the updates.
“We are releasing beta firmware with the security patch for customers who want to manually update their cameras immediately,” a D-Link administrator wrote on the company’s support forum.
The administrator also posted instructions for how to upgrade the firmware. Users should not upgrade over a wireless connection, as an error could break the camera.
Identical notices were published on the pages for other affected products. The updates come after Core Security published on Monday details of five vulnerabilities in D-Link’s firmware, which is used in more than a dozen of its products.
D-Link’s IP video cameras can take stills and record video and can be managed through web-based control panels or mobile devices. Core found a range of problems, including hard-coded credentials and authentication issues that could allow an attacker access via the RTSP (real time streaming protocol).
The technical details were posted in the Full Disclosure section of Seclists.org. Some of the products have been phased out by D-Link, according to the company’s website.
