-- via my feedly newsfeed
Researchers at Senrio have released technical details surrounding a vulnerability in D-Link products, which if exploited, would allow a remote attacker full access to the devices. After being notified earlier this year, D-Link has promised to deliver fixes.
In June, Senrio briefly described the issue on their company blog, and while they used their own custom tools, an attacker could replicate their work in order to target a vulnerable product.
"The vulnerability allows code injection which lets the attacker set a custom password, granting remote access to the camera feed. Thus, even if users create a strong password, this type of exploit can override it. Instead of setting a new password as the exploit, an attacker could just as easily add a new user with administrator access, download firmware or otherwise re-configure this device," June's post explained.