Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[pish180]

Perhaps I'm expecting a bit much but why is the security of this firmware so poor? It's a security camera which should be secure...? 

My gripes:
You can't specifically use HTTPS and disable HTTP. 
Where is the SSH support? ... Telnet, who uses telnet still, it's 2013 we use encryption now?
I ran a scan against the device and it has several high ports open, not sure why... 
Can you change the logon message prompt?  It displays: "The Server <YOURHOSTNAME.COM> at DCS-5020L requires a username or password.  Anybody can look up the model number and find the default username/password (which you can't disable in the firmware).

[RoughRiver]

I'm with you on this. There are several security related issues in the Wishlist. Add any missing content to that thread - it can only help our common cause.

As you state, the built-in admin account can't be disabled, but of course, the password can be changed. Still, not as good as being able to disable the account entirely.

[pish180]

I'll try to get my list of things together.. Knowing Dlink though... I'm in doubt that they will actually release another firmware to fix this.  Not sure what the EOL is on this unit but I think their security camera's have rather quick EOL (end of life) due to new rapidly developing hardware and designs.