SingCERT has received information on vulnerable D-Link DCS-2530L Internet Protocol (IP) cameras in Singapore.
These vulnerabilities are:
CVE-2020-25078 — Allows an unauthenticated attacker to gain access to the remote administrator password of the device.
CVE-2020-25079 — Allows authenticated users to inject and execute arbitrary system commands.
All versions prior to and including v1.05.05 are affected by these vulnerabilities. Users of the affected products are advised to upgrade to the latest firmware immediately.
The Cyber Security Agency of Singapore’s Cybersecurity Labelling Scheme for consumer smart devices, such as smart home hubs and Wi-Fi routers, helps consumers identify products with better cybersecurity provisions. For more information on this scheme, visit: https://go.gov.sg/csa-cls
More information is available here: