Support Announcements
DCS-2132L :: ESET accuse camera of Man-in-the-Middle Vulnerabilities

 

Overview


Cybersecurity company ESET recently disclosed some vulnerabilities in D-Link’s DCS-2312L that could allow a malicious user to access the camera. D-Link is aware of the reported security issue and has been working diligently to investigate and resolve the issues. Some of the vulnerabilities have already been addressed in the currently available firmware version. We will provide updates as soon as we have more information.


D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the mydlink website for updates.

 

Disclosure

  

 

Affected Products


Currently, D-Link has been informed that the following D-Link Branded Devices may be affected:

 

·       DCS-2132L

 

Recommendations

 

Please use the mydlink mobile application to update the camera to the latest firmware which does address some of the the issues mentioned in the report.

We are working on a firmware and app update to resolve the following: insufficient cloud messages authentication, unencrypted LAN communication, and old_wpa supplicant version. Please check regularly to make sure you have the latest firmware and app versions.

 

As for the issue of unencrypted cloud communication, D-Link has determined that the risk is low unless the user’s network, mobile device, or ISP has already been compromised.

 

To mitigate the risks, we strongly encourage our users to do the following:

 

1.       Use strong wireless encryption and passwords on all your devices

2.       Never connect to untrusted wireless networks

3.       Use good judgement when installing mobile applications; do not install those with unknown or untrusted certificates