Vulnerabilites related to dlink - dcs-5020l
Vulnerability from fkie_nvd
Published
2018-12-20 23:29
Modified
2024-11-21 03:55
Severity ?
Summary
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-936l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7BA11A-3EA2-4B51-9F1D-CA490309B8F6",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-936l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28203D6B-3BAD-4317-A43E-FB4F7DF6EB6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F19A9B-F477-4288-A4B6-039769204C90",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-8000lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "800EE948-8756-46AD-9B05-7092A87216E0",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-8000lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C39037E2-5703-46C7-AA44-7E8E8FE1DE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6125BC-025C-4407-AC47-414821DB33B1",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-825l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E470C8A-9980-4EDD-B3D1-7B9C93714918",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-825l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "465C691A-5068-474F-9BCF-D3CD99388EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2630l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7F10E-CF1D-4C38-B8C1-F987AFAF77EB",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2630l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09D0791-AAE2-4D42-A52D-D8755664BC4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-820l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0520A-9E40-45B0-89FE-D0139D0EFFD9",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D9AF38-6CC7-4651-97E7-7E26583021B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-855l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E40374D0-6021-4AF0-946C-CDC556686768",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-855l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3B756F-053B-43F1-B94E-F02E4B6CFB4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2121_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9A5A20-FD4F-4837-A76B-873EF2C24D0D",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1DE485-2705-4394-BC93-0BE99FE02F12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5222lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68180870-7D72-44E2-AE93-DC7FD03E38C2",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C226B9-0C16-46D2-B169-33D500BFF726",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75848042-1899-41AB-AF25-735F78F91BBA",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6866E6F-BBD2-4C46-8621-466147D0A1B2",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-8100lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD73EB3-82E4-4F47-B4CD-EE71714BC0F0",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-8100lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92B26777-214B-47D8-82F9-FFFF200D2228",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "214CB888-1F26-4DB2-B1E7-4CBCB9F71942",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2B7033-E82D-42C9-BB5F-F32F2E0E4926",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78CD04CA-964A-4D74-B30E-7DC53E1858B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D43CDA-07AF-41D6-A0DC-A1F550F87901",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A01A5E49-6B5E-4CC5-A4FA-A2E52F31C9BA",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
},
{
"lang": "es",
"value": "Las c\u00e1maras Wi-Fi D-Link Serie DCS exponen informaci\u00f3n sensible relacionada con la configuraci\u00f3n del dispositivo. Los dispositivos afectados incluyen muchos de la serie DCS como: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L y muchos m\u00e1s. Hay muchas versiones de firmware afectadas, comenzando por la 1.00 y siguientes. Se puede acceder de forma remota al archivo de configuraci\u00f3n mediante: Camera-IP/common/info.cgi, sin autenticaci\u00f3n. El archivo de configuraci\u00f3n incluye los siguientes campos: modelo, producto, marca, versi\u00f3n, build, versi\u00f3n de hardware, versi\u00f3n de nipca, nombre del dispositivo, ubicaci\u00f3n, direcci\u00f3n MAC, direcci\u00f3n IP, direcci\u00f3n IP de la puerta de enlace, estado inal\u00e1mbrico, opciones de entrada/salida, altavoz y opciones del sensor."
}
],
"id": "CVE-2018-18441",
"lastModified": "2024-11-21T03:55:56.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T23:29:00.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 10:59
Modified
2024-11-21 03:32
Severity ?
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | Exploit, Mitigation, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2230l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF503030-B07A-432F-9DBC-2003DBDEFC39",
"versionEndIncluding": "1.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2230l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734A019E-883B-4BE7-AB10-9D50C5C8A8CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D489F126-1717-44B2-AB54-BE7E6E4FD78F",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2332l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCC13A1-D70D-4426-B847-99226E670946",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2332l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D3B4CD-44F9-46D1-870E-5429D73ECCEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-6010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF861B2D-7E7A-4056-A0B9-3F739A4485B1",
"versionEndIncluding": "1.15.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-6010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71C9F4DA-5433-42A8-B321-C2B6CD88822C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-7010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98BE2B94-BAE6-4F60-8347-D065DD2A3F0D",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-7010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F88405D4-6FB3-4E30-B6E8-48F6039FDECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3691A9F1-647D-40D8-80C8-399EF01A9A4C",
"versionEndIncluding": "1.00.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2530l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A05FF4-4847-41C2-946A-F8043481E11F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C37B4A-C985-4449-AF18-57948CDBE39C",
"versionEndIncluding": "1.15.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D370AB5-388C-4368-B679-51CFBA8D5294",
"versionEndIncluding": "2.13.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38BC9948-BF0A-4A1C-9562-4B36E53CC97A",
"versionEndIncluding": "1.13.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9787F3F-4454-4B37-BADE-D700D14C63B2",
"versionEndIncluding": "2.13.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D6B86A-5F52-44C1-A7C7-2B970CDFF6E7",
"versionEndIncluding": "1.04.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E24CC28E-1446-48A3-83FD-ED135D5C8C6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74070833-5E71-47CF-8F02-6D97FCCB55FB",
"versionEndIncluding": "1.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804D8789-BE83-46F2-8EFB-50C7D2C14823",
"versionEndIncluding": "2.11.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117AF393-E45E-4A89-B308-7BEF5979D006",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1F2866-F7C1-4EC5-8C46-3DE78CD04AFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "486B9DE3-4CB3-48BA-9F3A-A486179FC782",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59E19806-A378-456E-9F3E-54CE6B519E1B",
"versionEndIncluding": "1.07.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932DF47-F157-445E-8C52-0AAF1377E5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EECBA0D6-CBEA-46C2-8ED9-571531F22408",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D57DC437-96C8-41BD-8120-1949BFD3A8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9150CEBC-2762-4376-BBBE-A13A4BFF17FA",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5000l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E927400D-887A-4F12-B671-672D0FEC4DB7",
"versionEndIncluding": "1.02.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D407D08-9881-47BA-9C84-32581E84D38B",
"versionEndIncluding": "1.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B9D7B6-8185-4A44-88B6-2DE8937539A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174E05E4-DE3D-4A2C-BEC7-C171E0BE28AF",
"versionEndIncluding": "1.01.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2210l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC05AE2-089F-4FA5-A7E7-31B6AA9D5F7B",
"versionEndIncluding": "1.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2210l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4773DB8-F8ED-4841-8861-570D9A49E08F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2136l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DF2031-114C-4A20-A45A-F2A89B422064",
"versionEndIncluding": "1.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2136l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12486E64-E79B-4A3A-B1C6-2E3C33D8B299",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB304076-7631-48EA-ABF0-F541C341ECBC",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-7000l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E305FA72-FC97-4AA0-9508-D8B8961A511C",
"versionEndIncluding": "1.04.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-7000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A989B0-848F-48C4-A14A-098FD6007DF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-6212l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706DA20A-8EF6-4B64-B486-07CDC9F25DB1",
"versionEndIncluding": "1.00.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-6212l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B662B4-2A1D-4ECB-9B71-BC6B6524625C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5029l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECC1DA1-433C-4A40-A00E-5CBADA21D2FE",
"versionEndIncluding": "1.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5029l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B73E1F0F-71E7-4108-A3E9-34A70351DC05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19717483-8BBE-4313-AC13-5D56EEB6084D",
"versionEndIncluding": "2.03.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2330l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AB59BB-3D79-45BF-9AA3-62C44A7F25E7",
"versionEndIncluding": "1.13.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2330l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9A8D3B-14B8-4CF7-8339-6504A21B7E98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E216B5-995F-4AA0-83EC-99AD9B87F582",
"versionEndIncluding": "2.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED5E89C-1745-4C93-A891-F6C819C9E7B7",
"versionEndIncluding": "2.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
},
{
"lang": "es",
"value": "Las c\u00e1maras DCS de D-Link tienen un archivo CrossDomain.XML d\u00e9bil/inseguro que permite a los sitios que alojan objetos Flash maliciosos acceder y/o cambiar la configuraci\u00f3n del dispositivo a trav\u00e9s de un ataque CSRF. Esto se debe a que el elemento secundario \u0027allow-access-from domain\u0027 se establece en *, aceptando as\u00ed peticiones de cualquier dominio. Si una v\u00edctima conectada a la consola web de la c\u00e1mara visita un sitio malicioso que aloja un archivo Flash malicioso desde otra pesta\u00f1a Navegador, el archivo Flash malicioso puede enviar solicitudes a la Camera de la serie DCS de la v\u00edctima sin conocer las credenciales. Un atacante puede alojar un archivo Flash malicioso que puede recuperar Live Feeds o informaci\u00f3n de la Camera de la serie DCS de la v\u00edctima, a\u00f1adir nuevos usuarios de administraci\u00f3n o realizar otros cambios en el dispositivo. Los dispositivos afectados conocidos son DCS-933L con firmware en versiones anteriores a 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L y DCS-932LB1."
}
],
"id": "CVE-2017-7852",
"lastModified": "2024-11-21T03:32:48.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T10:59:00.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-01 16:29
Modified
2024-11-21 03:17
Severity ?
Summary
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-5009_firmware | * | |
| dlink | dcs-5009 | - | |
| dlink | dcs-5010_firmware | * | |
| dlink | dcs-5010 | - | |
| dlink | dcs-5020l_firmware | * | |
| dlink | dcs-5020l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5009_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49C903D2-CBE0-40D8-B9B1-F8EA4FAB9CD7",
"versionEndIncluding": "1.08.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6FCD9B-6546-4FB2-9867-FC4D7AB36A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5010_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB172849-0BBE-464E-8927-8BE78241C4D5",
"versionEndIncluding": "1.14.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE256639-E8D7-47C7-9B8D-8267469567AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0EC7C9D-950F-443C-B2B5-065A7BEEECA8",
"versionEndIncluding": "1.14.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera\u0027s web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system."
},
{
"lang": "es",
"value": "En dispositivos D-Link DCS-5009 con firmware 1.08.11 y anterior, dispositivos DCS-5010 con firmware 1.14.09 y anterior y dispositivos DCS-5020L con firmware anterior a 1.15.01, la inyecci\u00f3n de comandos en alphapd (binario responsable de ejecutar el servidor web de la c\u00e1mara) permite que los atacantes remotos autenticados ejecuten c\u00f3digo al pasar entradas saneadas de usuario /setSystemAdmin en el campo AdminID directamente a una llamada al sistema."
}
],
"id": "CVE-2017-17020",
"lastModified": "2024-11-21T03:17:21.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-01T16:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-06 20:29
Modified
2024-11-21 04:20
Severity ?
Summary
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-930l_firmware | * | |
| dlink | dcs-930l | - | |
| dlink | dcs-931l_firmware | * | |
| dlink | dcs-931l | - | |
| dlink | dcs-932l_firmware | * | |
| dlink | dcs-932l | - | |
| dlink | dcs-933l_firmware | * | |
| dlink | dcs-933l | - | |
| dlink | dcs-934l_firmware | * | |
| dlink | dcs-934l | - | |
| dlink | dcs-5009l_firmware | * | |
| dlink | dcs-5009l | - | |
| dlink | dcs-5010l_firmware | * | |
| dlink | dcs-5010l | - | |
| dlink | dcs-5020l_firmware | * | |
| dlink | dcs-5020l | - | |
| dlink | dcs-5025l_firmware | * | |
| dlink | dcs-5025l | - | |
| dlink | dcs-5030l_firmware | * | |
| dlink | dcs-5030l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43D81A6-FAF0-42C0-850E-12258BC2FFFC",
"versionEndIncluding": "2.16.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87BFDCBA-BFFA-4901-810E-2161B86825A6",
"versionEndIncluding": "1.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1F2866-F7C1-4EC5-8C46-3DE78CD04AFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B961379-BEA7-441C-BFD9-77278D36E6AC",
"versionEndIncluding": "2.17.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C282C-53EB-41C0-A5AC-A7DCD8BD520F",
"versionEndIncluding": "1.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A23B-E582-44D4-AD09-AD5C83184E99",
"versionEndIncluding": "1.05.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E24CC28E-1446-48A3-83FD-ED135D5C8C6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "002EEE1D-DE0C-499A-BE6B-14AF2A9CD0D2",
"versionEndIncluding": "1.08.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932DF47-F157-445E-8C52-0AAF1377E5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFCCE20-D8D4-4DF3-8629-06FE695F124D",
"versionEndIncluding": "1.14.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D57DC437-96C8-41BD-8120-1949BFD3A8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF7392E-B671-416A-8CAB-EA1B57AD89F2",
"versionEndIncluding": "1.15.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC9555B-16C3-44B2-A462-E56CDB988773",
"versionEndIncluding": "1.03.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B9D7B6-8185-4A44-88B6-2DE8937539A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95C4DA13-FD90-4E6B-9A1C-F5562F6E0A9C",
"versionEndIncluding": "1.04.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
},
{
"lang": "es",
"value": "Las series DCS de D-Link de c\u00e1maras Wi-Fi contienen una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en alphapd, el servidor web de la c\u00e1mara. El desbordamiento permite a un atacante autenticado de forma remota ejecutar c\u00f3digo arbitrario proporcionando una cadena larga en el par\u00e1metro WEPEncryption cuando solicita wireless.htm. Los dispositivos vulnerables incluyen DCS-5009L (1.08.11 y anteriores), DCS-5010L (1.14.09 y anteriores), DCS-5020L (1.15.12 y anteriores), DCS-5025L (1.03.07 y anteriores), DCS-5030L (1.04).10 y anteriores), DCS-930L (2.16.01 y anteriores), DCS-931L (1.14.11 y anteriores), DCS-932L (2.17.01y anteriores), DCS-933L (1.14.11 y anteriores) y DCS-934L (1.05.04 y anteriores)."
}
],
"id": "CVE-2019-10999",
"lastModified": "2024-11-21T04:20:19.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-06T20:29:01.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"source": "cve@mitre.org",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-17020
Vulnerability from cvelistv5
Published
2018-05-01 16:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/ | x_refsource_MISC | |
| http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera\u0027s web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-01T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera\u0027s web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/",
"refsource": "MISC",
"url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"
},
{
"name": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084",
"refsource": "CONFIRM",
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17020",
"datePublished": "2018-05-01T16:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7852
Vulnerability from cvelistv5
Published
2017-04-24 10:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:28.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-24T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7852",
"datePublished": "2017-04-24T10:00:00",
"dateReserved": "2017-04-13T00:00:00",
"dateUpdated": "2024-08-05T16:19:28.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10999
Vulnerability from cvelistv5
Published
2019-05-06 19:30
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fuzzywalls/CVE-2019-10999 | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T14:07:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fuzzywalls/CVE-2019-10999",
"refsource": "MISC",
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10999",
"datePublished": "2019-05-06T19:30:57",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18441
Vulnerability from cvelistv5
Published
2018-12-20 22:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/",
"refsource": "MISC",
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18441",
"datePublished": "2018-12-20T22:00:00",
"dateReserved": "2018-10-17T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201812-0065
Vulnerability from variot
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: /common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. / Output settings, speaker and sensor settings information, etc. D-Link DCS-936L, etc. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1; 5222LB1; DCS-5020L, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-936l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-942l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-8000lh",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-942lb1",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5222l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-825l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2630l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-820l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-855l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2121",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-930l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-5030l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-933l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-5222l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-936l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-825l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-2630l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-942lb1",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-5222lb1",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-8100lh",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-932l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-2102",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-942l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-5020l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-820l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-2121",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-8000lh",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-855l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-5222lb1",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5020l",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 942lb1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 936l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2121",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5222lb1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5020l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 930l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 8100lh",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 932l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2102",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 933l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5030l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 942l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 8000lh",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5222l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 825l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2630l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 820l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 855l",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dcs-2121_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2630l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5222l__firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-8000lh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-820l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-825l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-855l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-936l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-942l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-942lb1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
}
]
},
"cve": "CVE-2018-18441",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-18441",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-26797",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d831f62-463f-11e9-8196-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-129001",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-18441",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18441",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-18441",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-26797",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-968",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. / Output settings, speaker and sensor settings information, etc. D-Link DCS-936L, etc. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1; 5222LB1; DCS-5020L, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18441"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-129001"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18441",
"trust": 3.3
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-26797",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D831F62-463F-11E9-8196-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-129001",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"id": "VAR-201812-0065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
}
],
"trust": 1.5519531171428573
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
}
]
},
"last_update_date": "2024-11-23T22:41:38.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18441"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18441"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-28T00:00:00",
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"date": "2018-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"date": "2018-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-129001"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"date": "2018-12-20T23:29:00.707000",
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"date": "2019-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-129001"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"date": "2024-11-21T03:55:56.640000",
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link DCS series Product Wi-Fi Information disclosure vulnerability in cameras",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
}
],
"trust": 0.6
}
}
var-201805-0206
Vulnerability from variot
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. D-Link DCS-5009 , DCS-5010 ,and DCS-5020L The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DCS-5009, DCS-5010 and DCS-5020L are all different types of network camera products from D-Link. Alphapd is one of the web servers. A remote code execution vulnerability exists in D-LinkDCS-5009 with firmware version 1.08.11 and earlier, DCS-5010 with firmware version 1.14.09 and earlier, and alphapd in DCS-5020L with firmware prior to 1.15.01
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-5020l",
"scope": "lt",
"trust": 1.4,
"vendor": "d link",
"version": "1.15.01"
},
{
"model": "dcs-5020l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.09"
},
{
"model": "dcs-5009",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.11"
},
{
"model": "dcs-5010",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.09"
},
{
"model": "dcs-5009l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.08.11"
},
{
"model": "dcs-5010l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14.09"
},
{
"model": "dcs-5009",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=1.08.11"
},
{
"model": "dcs-5010",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=1.14.09"
},
{
"model": "dcs-5010",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.14.09"
},
{
"model": "dcs-5009",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.08.11"
},
{
"model": "dcs-5020l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.14.09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
},
{
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dcs-5009l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5020l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
}
]
},
"cve": "CVE-2017-17020",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-17020",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-10226",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-108001",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-17020",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17020",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-17020",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-10226",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-022",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-108001",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-17020",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "VULHUB",
"id": "VHN-108001"
},
{
"db": "VULMON",
"id": "CVE-2017-17020"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
},
{
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera\u0027s web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. D-Link DCS-5009 , DCS-5010 ,and DCS-5020L The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DCS-5009, DCS-5010 and DCS-5020L are all different types of network camera products from D-Link. Alphapd is one of the web servers. A remote code execution vulnerability exists in D-LinkDCS-5009 with firmware version 1.08.11 and earlier, DCS-5010 with firmware version 1.14.09 and earlier, and alphapd in DCS-5020L with firmware prior to 1.15.01",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17020"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "VULHUB",
"id": "VHN-108001"
},
{
"db": "VULMON",
"id": "CVE-2017-17020"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17020",
"trust": 3.2
},
{
"db": "DLINK",
"id": "SAP10084",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-022",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-10226",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108001",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17020",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "VULHUB",
"id": "VHN-108001"
},
{
"db": "VULMON",
"id": "CVE-2017-17020"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
},
{
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"id": "VAR-201805-0206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "VULHUB",
"id": "VHN-108001"
}
],
"trust": 1.3565656666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
}
]
},
"last_update_date": "2024-11-23T21:38:58.614000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DCS-5020L/5010L/5009L :: CVE-2017-17020 Authenticated RCE vulnerability",
"trust": 0.8,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10084"
},
{
"title": "Patch for D-LinkDCS-5009, DCS-5010, and DCS-5020L Remote Code Execution Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/130047"
},
{
"title": "D-Link DCS-5009 , DCS-5010 and DCS-5020L Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108001"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10084"
},
{
"trust": 1.8,
"url": "https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17020"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17020"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142922"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "VULHUB",
"id": "VHN-108001"
},
{
"db": "VULMON",
"id": "CVE-2017-17020"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
},
{
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"db": "VULHUB",
"id": "VHN-108001"
},
{
"db": "VULMON",
"id": "CVE-2017-17020"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
},
{
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"date": "2018-05-01T00:00:00",
"db": "VULHUB",
"id": "VHN-108001"
},
{
"date": "2018-05-01T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17020"
},
{
"date": "2018-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"date": "2018-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-022"
},
{
"date": "2018-05-01T16:29:00.210000",
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10226"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108001"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17020"
},
{
"date": "2018-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013386"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-022"
},
{
"date": "2024-11-21T03:17:21.780000",
"db": "NVD",
"id": "CVE-2017-17020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Command injection vulnerability in product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013386"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-022"
}
],
"trust": 0.6
}
}
var-201704-1588
Vulnerability from variot
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. plural D-Link DCS The camera contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDCS-933L is a wireless surveillance camera device from D-Link. There are security holes in several D-LinkDCS cameras. D-Link DCS-933L, etc. The following products are affected: D-Link DCS-5030L; DCS-5020L; DCS-2530L; DCS-2630L;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-931l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-933l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-2136l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.01"
},
{
"model": "dcs-6212l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00.12"
},
{
"model": "dcs-2132l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.12.00"
},
{
"model": "dcs-942l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.27"
},
{
"model": "dcs-5029l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12.00"
},
{
"model": "dcs-5000l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02.02"
},
{
"model": "dcs-5009l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.07.05"
},
{
"model": "dcs-2530l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00.21"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.04"
},
{
"model": "dcs-942l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.11.03"
},
{
"model": "dcs-6010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15.01"
},
{
"model": "dcs-2332l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-5010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-2310l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-5030l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01.06"
},
{
"model": "dcs-7010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15.04"
},
{
"model": "dcs-2210l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03.01"
},
{
"model": "dcs-2132l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-2230l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03.01"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.13.15"
},
{
"model": "dcs-5020l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-7000l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.00"
},
{
"model": "dcs-5222l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.12.00"
},
{
"model": "dcs-934l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.15"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.13.15"
},
{
"model": "dcs-5025l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02.10"
},
{
"model": "dcs-2330l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.00"
},
{
"model": "dcs-2310l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.03.00"
},
{
"model": "dcs-2132l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2136l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2210l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2230l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2310l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2330l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2332l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2530l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5000l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5009l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5010l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5020l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5025l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5029l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5030l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5222l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-6010l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-6212l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-7000l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-7010l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-930l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-931l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-932l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-933l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-934l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-942l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-933l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-5030l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-5020l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-2530l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-2630l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-7000l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.04.00"
},
{
"model": "dcs-2136l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.04.01"
},
{
"model": "dcs-5000l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02.02"
},
{
"model": "dcs-5029l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.12.00"
},
{
"model": "dcs-2310l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.03.00"
},
{
"model": "dcs-2330l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.00"
},
{
"model": "dcs-2132l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.12.00"
},
{
"model": "dcs-2132l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.08.01"
},
{
"model": "dcs-2210l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.03.01"
},
{
"model": "dcs-5025l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 932l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 942l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 2310l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 2132l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 930l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2230l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 934l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 931l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 933l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5009l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5010l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5020l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5000l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5025l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5030l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2210l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2136l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 7000l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 6212l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5222l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5029l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2332l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2330l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 6010l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 7010l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2530l",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dcs-2132l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2136l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2210l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2310l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2330l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2332l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2530l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5000l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5009l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5020l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5025l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5029l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5030l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5222l__firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-6010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-6212l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-7000l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-7010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-930l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-931l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-933l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-934l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-942l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
}
]
},
"cve": "CVE-2017-7852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-7852",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-06729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-116055",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7852",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7852",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7852",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-06729",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-783",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-116055",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. plural D-Link DCS The camera contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDCS-933L is a wireless surveillance camera device from D-Link. There are security holes in several D-LinkDCS cameras. D-Link DCS-933L, etc. The following products are affected: D-Link DCS-5030L; DCS-5020L; DCS-2530L; DCS-2630L;",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "VULHUB",
"id": "VHN-116055"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-116055",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116055"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7852",
"trust": 3.3
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-06729",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648",
"trust": 0.8
},
{
"db": "IVD",
"id": "76B829DA-D734-4842-BAE5-3DD9FF5F23DC",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "42074",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142702",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-116055",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"id": "VAR-201704-1588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
}
],
"trust": 1.575429490909091
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
}
]
},
"last_update_date": "2024-11-23T21:54:06.989000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://us.dlink.com/"
},
{
"title": "Patch for D-LinkDCS Cross-site Forgery Request Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93817"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7852"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7852"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-16T00:00:00",
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"date": "2017-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"date": "2017-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-116055"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"date": "2017-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"date": "2017-04-24T10:59:00.160000",
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"date": "2017-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-116055"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"date": "2024-11-21T03:32:48.153000",
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link DCS Cross-site request forgery vulnerability in camera",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
}
],
"trust": 0.6
}
}
var-201905-1066
Vulnerability from variot
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). plural D-Link DCS series Product Wi-Fi camera Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DCS-5009L and so on are all DCS series IP cameras produced by Taiwan D-Link Company. Alphapd in several D-Link products has a stack-based buffer overflow vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: D-Link DCS-5009L 1.08.11 and earlier; DCS-5010L 1.14.09 and earlier; DCS-5020L 1.15.12 and earlier; DCS-5025L 1.03.07 and earlier; DCS-5030L 1.04.10 and earlier; DCS-930L 2.16.01 and earlier; DCS-931L 1.14.11 and earlier; DCS-932L 2.17.01 and earlier; DCS-933L 1.14.11 and earlier; DCS-934L 1.05.04 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-934l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05.04"
},
{
"model": "dcs-5030l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.10"
},
{
"model": "dcs-5009l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.11"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.17.01"
},
{
"model": "dcs-931l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.11"
},
{
"model": "dcs-933l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.11"
},
{
"model": "dcs-5025l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03.07"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.16.01"
},
{
"model": "dcs-5010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.09"
},
{
"model": "dcs-5020l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15.12"
},
{
"model": "dcs-5009l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.08.11"
},
{
"model": "dcs-5010l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14.09"
},
{
"model": "dcs-5020l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.15.12"
},
{
"model": "dcs-5025l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.03.07"
},
{
"model": "dcs-5030l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.04.10"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.16.01"
},
{
"model": "dcs-931l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14.11"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.17.01"
},
{
"model": "dcs-933l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14.11"
},
{
"model": "dcs-934l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.05.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dcs-5009l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5020l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5025l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5030l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-930l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-931l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-933l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-934l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
}
]
},
"cve": "CVE-2019-10999",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-10999",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-142601",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-10999",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10999",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10999",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142601",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-10999",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). plural D-Link DCS series Product Wi-Fi camera Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DCS-5009L and so on are all DCS series IP cameras produced by Taiwan D-Link Company. Alphapd in several D-Link products has a stack-based buffer overflow vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: D-Link DCS-5009L 1.08.11 and earlier; DCS-5010L 1.14.09 and earlier; DCS-5020L 1.15.12 and earlier; DCS-5025L 1.03.07 and earlier; DCS-5030L 1.04.10 and earlier; DCS-930L 2.16.01 and earlier; DCS-931L 1.14.11 and earlier; DCS-932L 2.17.01 and earlier; DCS-933L 1.14.11 and earlier; DCS-934L 1.05.04 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10999",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10131",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142601",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-10999",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"id": "VAR-201905-1066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
}
],
"trust": 0.7245163080000001
},
"last_update_date": "2024-11-23T22:12:01.266000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
},
{
"title": "CVE-2019-10999",
"trust": 0.1,
"url": "https://github.com/qjh2333/CVE-2019-10999 "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/fuzzywalls/cve-2019-10999"
},
{
"trust": 1.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10131"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10999"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10999"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/qjh2333/cve-2019-10999"
},
{
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-142601"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"date": "2019-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"date": "2019-05-06T20:29:01.210000",
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142601"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"date": "2024-11-21T04:20:19.520000",
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link DCS series Product Wi-Fi camera Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
}
],
"trust": 0.6
}
}