• October 31, 2024, 10:31:27 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Heartbleed OpenSSL Vulnerability  (Read 17669 times)

ReverendTed

  • Level 3 Member
  • ***
  • Posts: 113
Heartbleed OpenSSL Vulnerability
« on: April 09, 2014, 11:50:14 AM »

Does the Heartbleed vulnerability in OpenSSL impact DCS-series IP cameras?
If so, is a fix planned?
Was this related to the recent firmware security update issued for several of the cameras?

Update 04/11/2014:  The following reply was posted by an admin and contains a link to the D-Link "Heartbleed OpenSSL Vulnerability Security Publication" that lists all affected D-Link products and the status of any necessary fixes:

Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.  We will continue to update this page to include the relevant product firmware updates addressing these concerns.

Some information can now be found on our Security Advisories site with more updates on which products are affected coming soon.

D-Link Security Advisories
http://securityadvisories.dlink.com/security/

Heartbleed OpenSSL Vulnerability Security Publication
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10022

Also: XKCD had a fun little strip that explains the vulnerability in very simple terms.  (Typical missing bounds check overrun vulnerability.)
« Last Edit: April 11, 2014, 08:49:33 PM by ReverendTed »
Logged

JavaLawyer

  • BETA Tester
  • Level 15 Member
  • *
  • Posts: 12190
  • D-Link Global Forum Moderator
    • FoundFootageCritic
Re: Heartbleed OpenSSL Vulnerability
« Reply #1 on: April 09, 2014, 12:05:05 PM »

Good question. I've already asked D-Link and will let you know what I find out.  ;)
Logged
Find answers here: D-Link ShareCenter FAQ I D-Link Network Camera FAQ
There's no such thing as too many backups FFC

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Heartbleed OpenSSL Vulnerability
« Reply #2 on: April 09, 2014, 01:09:28 PM »

Yes, WE will!  ;D

Please be patient while we wait for information.

If users are concerned about this issue, we recommend  immediately phone contacting your regional D-Link support office and ask for help and information. We find that phone contact has better immediate results over using email.

« Last Edit: April 09, 2014, 01:17:33 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2254
Re: Heartbleed OpenSSL Vulnerability
« Reply #3 on: April 09, 2014, 03:20:26 PM »


Was this related to the recent firmware security update issued for several of the cameras?

No. That was related to generating a self signed certificate.

Link
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10010
« Last Edit: April 09, 2014, 08:52:10 PM by RYAT3 »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Kakashi::.

  • Level 3 Member
  • ***
  • Posts: 270
Re: Heartbleed OpenSSL Vulnerability
« Reply #5 on: April 10, 2014, 09:04:43 PM »

Security and performance is of the utmost importance to D-Link across all product lines. This is not just through the development process but also through regular firmware updates to comply with the current safety and quality standards. We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.  We will continue to update this page to include the relevant product firmware updates addressing these concerns.

More detailed information can be found on our Security Advisories website with more updates on which products are affected coming soon.

D-Link Security Advisories
http://securityadvisories.dlink.com/security/

Heartbleed OpenSSL Vulnerability Security Publication
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10022

« Last Edit: April 16, 2014, 04:32:45 PM by Kakashi::. »
Logged

ReverendTed

  • Level 3 Member
  • ***
  • Posts: 113
Re: Heartbleed OpenSSL Vulnerability
« Reply #6 on: April 11, 2014, 08:35:11 PM »

Whoa.  I've...I've never actually seen an Admin!  

Also, thanks for the update.  I've updated my first post in this thread with your reply, to make it easier for other concerned parties to find it.

Also also: XKCD had a fun little strip that explains the vulnerability in very simple terms.  (Typical missing bounds check overrun vulnerability.)
« Last Edit: April 11, 2014, 08:47:08 PM by ReverendTed »
Logged

ReverendTed

  • Level 3 Member
  • ***
  • Posts: 113
Re: Heartbleed OpenSSL Vulnerability
« Reply #7 on: April 16, 2014, 03:39:25 PM »

Encouraging to see that so far no D-Link products have been found to be affected, though the DCS-series cameras are still listed as "Under Investigation" as of 4/16/2014.
Logged

JavaLawyer

  • BETA Tester
  • Level 15 Member
  • *
  • Posts: 12190
  • D-Link Global Forum Moderator
    • FoundFootageCritic
Re: Heartbleed OpenSSL Vulnerability
« Reply #8 on: April 17, 2014, 10:29:38 AM »

D-Link published that the Heartbleed Bug does not affect to the following services/applications:

  • mydlink cloud portal and service
  • mydlink iOS Mobile Applications (All Versions)
  • mydlink Android Mobile Applications (All Versions)

OpenSSL Security Vulnerability - aka. "Heartbleed Bug" - CVE-2014-0160 - Security Incident Response for D-Link Devices and Services
« Last Edit: October 17, 2014, 07:24:58 AM by FurryNutz »
Logged
Find answers here: D-Link ShareCenter FAQ I D-Link Network Camera FAQ
There's no such thing as too many backups FFC

JavaLawyer

  • BETA Tester
  • Level 15 Member
  • *
  • Posts: 12190
  • D-Link Global Forum Moderator
    • FoundFootageCritic
Re: Heartbleed OpenSSL Vulnerability
« Reply #9 on: April 22, 2014, 07:12:44 AM »

Update: D-Link published that the Heartbleed Bug does not affect to the following hardware/services/applications:

  • D-Link Cloud Cameras (Exception: DCS-940L is under investigation)
  • D-Link ShareCenters (Exception: DNS-327L FW v1.01, Fix in development)
  • D-Link Network Video Recorders
  • mydlink cloud portal and service
  • mydlink iOS Mobile Applications (All Versions)
  • mydlink Android Mobile Applications (All Versions)

OpenSSL Security Vulnerability - aka. "Heartbleed Bug" - CVE-2014-0160 - Security Incident Response for D-Link Devices and Services
« Last Edit: October 17, 2014, 07:24:45 AM by FurryNutz »
Logged
Find answers here: D-Link ShareCenter FAQ I D-Link Network Camera FAQ
There's no such thing as too many backups FFC

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Heartbleed OpenSSL Vulnerability
« Reply #10 on: April 22, 2014, 07:16:36 AM »

 ;D
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.