Support Announcements
Zscalar :: IoT Device weaknesses :: DNR-202L Weak Password and use of HTTP in home...

General :: Updated 11/23 2:00PM PST

 

D-Link DNR is a Camera Recorder to simultaneously stream, record and playback upto 4 D-Link Wi-Fi camera to provide home or small business security.

 

Zscalar reported the device could be susceptible to malicious attacks because weak default credentials and communication over HTTP makes the communication susceptible to sniffing and MiTM attacks.

 

The main security concern is the ability of malicious attackers to gain administrator access to the DNR-202L NVR. D-Link has released DNR-202L V2.04 firmware to mitigate this type of attack.

 

The new V2.04 DNR-202L firmware will force users to change their administrator passwords immediately to a strong password which includes a mix of numbers, letters, and symbols, as a further preventative measure against malicious network intrusions when users first login to DNR-202L WEB GUI.

 

The user name and password have encrypted even though it’s communication by HTTP protocol. The HTTP protocol is only used when when a user connect with DNR-202L WEB GUI, not during normal operation.

 

Users can download the DNR-202L V2.04 firmware from mydlink web site. (https://www.mydlink.com/) which will have detailed instructions  or experienced users can download it here.