CVE-2010-4965
Description
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
D-Link DCS-2121 camera with firmware 1.04 contains a hardcoded root password 'admin' in /etc/rc.d/rc.local, allowing remote shell access via telnet.
Vulnerability
The D-Link DCS-2121 surveillance camera running firmware version 1.04 has a hardcoded password of 'admin' for the root account, set in /etc/rc.d/rc.local [1]. This startup script sets a static password for the root user, which is then accepted by the telnet daemon that runs by default. The vulnerability exposes the device to remote attackers who can use the known credential to gain unauthorized access.
Exploitation
An attacker needs only network connectivity to the camera's telnet server, which is typically accessible on port 23. No prior authentication or user interaction is required. The attacker can simply connect via telnet and log in as root with the password 'admin' [1]. The reference demonstrates that the firmware image can be extracted and analyzed to discover the hardcoded password, confirming the ease of exploitation.
Impact
Successful exploitation grants the attacker a root shell on the device, providing full control over the camera's operating system. This leads to complete compromise of confidentiality, integrity, and availability: the attacker can view video feeds, modify device settings, install malicious software, or use the camera as a pivot point within the network [1].
Mitigation
No official patch or firmware update addressing this vulnerability was disclosed in the available reference [1]. Users of the D-Link DCS-2121 with firmware 1.04 should consider isolating the device on a separate network segment, disabling telnet if possible, or replacing the device with a model that receives security updates. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
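To audit an extracted firmware tree for the condition this entry describes (a boot script that sets a static root password while a telnet daemon is started), the following Python check is an added example, not code from the cited reference or from D-Link. The indicator patterns, function names and sample rc.local contents are assumptions constructed for illustration, since the entry does not quote the script.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicators: the CVE entry does not quote rc.local, so these are common
# ways an init script sets a password non-interactively or starts telnetd.
INDICATORS = {
    "static-password": re.compile(r"\bchpasswd\b|\|\s*passwd\b|\bpasswd\s+--stdin\b"),
    "telnetd-start": re.compile(r"\btelnetd\b"),
}

def audit_rootfs(rootfs):
    """Return (relative path, line number, indicator) findings under <rootfs>/etc."""
    root = Path(rootfs)
    findings = []
    for path in sorted((root / "etc").rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue  # skip directories and links that may point outside the tree
        text = path.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            stripped = line.strip()
            if not stripped or stripped.startswith("#"):
                continue  # ignore blanks and comments (including the shebang)
            for name, pattern in INDICATORS.items():
                if pattern.search(stripped):
                    findings.append((path.relative_to(root).as_posix(), lineno, name))
    return findings

def remote_root_exposure(findings):
    """True when a boot-time static password and a telnet daemon are both present."""
    kinds = {kind for _, _, kind in findings}
    return {"static-password", "telnetd-start"} <= kinds

def build_sample_rootfs(base):
    """Create a constructed firmware tree (not the real DCS-2121 files)."""
    rc_dir = Path(base) / "etc" / "rc.d"
    rc_dir.mkdir(parents=True)
    (rc_dir / "rc.local").write_text(
        "#!/bin/sh\n"
        "# telnetd is mentioned here only in a comment\n"
        'echo "root:admin" | chpasswd\n'
        "/usr/sbin/telnetd &\n"
    )
    (Path(base) / "etc" / "hostname").write_text("camera\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        results = audit_rootfs(build_sample_rootfs(tmp))
        print(results, "remote root exposure:", remote_root_exposure(results))
```

A finding of both indicators in the same image is the signal to keep the device off reachable networks until telnet is disabled or the device is replaced, as the mitigation text above advises.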
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- cpe:2.3:a:dlink:dcs-2121_firmware:1.04:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References (1)
News mentions
No linked articles in our index yet.