Vulnerabilites related to dlink - dcs-5029l_firmware
cve-2017-7852
Vulnerability from cvelistv5
Published
2017-04-24 10:00
Modified
2024-08-05 16:19
Severity ?
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:28.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-24T06:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf",
              "refsource": "MISC",
              "url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7852",
    "datePublished": "2017-04-24T10:00:00",
    "dateReserved": "2017-04-13T00:00:00",
    "dateUpdated": "2024-08-05T16:19:28.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2017-04-24 10:59
Modified
2024-11-21 03:32
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2230l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF503030-B07A-432F-9DBC-2003DBDEFC39",
              "versionEndIncluding": "1.03.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2230l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "734A019E-883B-4BE7-AB10-9D50C5C8A8CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D489F126-1717-44B2-AB54-BE7E6E4FD78F",
              "versionEndIncluding": "1.08.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2332l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCC13A1-D70D-4426-B847-99226E670946",
              "versionEndIncluding": "1.08.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2332l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D3B4CD-44F9-46D1-870E-5429D73ECCEA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-6010l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF861B2D-7E7A-4056-A0B9-3F739A4485B1",
              "versionEndIncluding": "1.15.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-6010l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C9F4DA-5433-42A8-B321-C2B6CD88822C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-7010l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BE2B94-BAE6-4F60-8347-D065DD2A3F0D",
              "versionEndIncluding": "1.08.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-7010l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88405D4-6FB3-4E30-B6E8-48F6039FDECD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3691A9F1-647D-40D8-80C8-399EF01A9A4C",
              "versionEndIncluding": "1.00.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2530l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A05FF4-4847-41C2-946A-F8043481E11F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C37B4A-C985-4449-AF18-57948CDBE39C",
              "versionEndIncluding": "1.15.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D370AB5-388C-4368-B679-51CFBA8D5294",
              "versionEndIncluding": "2.13.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BC9948-BF0A-4A1C-9562-4B36E53CC97A",
              "versionEndIncluding": "1.13.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9787F3F-4454-4B37-BADE-D700D14C63B2",
              "versionEndIncluding": "2.13.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3D6B86A-5F52-44C1-A7C7-2B970CDFF6E7",
              "versionEndIncluding": "1.04.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24CC28E-1446-48A3-83FD-ED135D5C8C6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74070833-5E71-47CF-8F02-6D97FCCB55FB",
              "versionEndIncluding": "1.27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "804D8789-BE83-46F2-8EFB-50C7D2C14823",
              "versionEndIncluding": "2.11.03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "117AF393-E45E-4A89-B308-7BEF5979D006",
              "versionEndIncluding": "1.13.05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E1F2866-F7C1-4EC5-8C46-3DE78CD04AFB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "486B9DE3-4CB3-48BA-9F3A-A486179FC782",
              "versionEndIncluding": "1.13.05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E19806-A378-456E-9F3E-54CE6B519E1B",
              "versionEndIncluding": "1.07.05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B932DF47-F157-445E-8C52-0AAF1377E5C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECBA0D6-CBEA-46C2-8ED9-571531F22408",
              "versionEndIncluding": "1.13.05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D57DC437-96C8-41BD-8120-1949BFD3A8EC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9150CEBC-2762-4376-BBBE-A13A4BFF17FA",
              "versionEndIncluding": "1.13.05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5000l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E927400D-887A-4F12-B671-672D0FEC4DB7",
              "versionEndIncluding": "1.02.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D407D08-9881-47BA-9C84-32581E84D38B",
              "versionEndIncluding": "1.02.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B9D7B6-8185-4A44-88B6-2DE8937539A9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "174E05E4-DE3D-4A2C-BEC7-C171E0BE28AF",
              "versionEndIncluding": "1.01.06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2210l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC05AE2-089F-4FA5-A7E7-31B6AA9D5F7B",
              "versionEndIncluding": "1.03.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2210l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4773DB8-F8ED-4841-8861-570D9A49E08F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2136l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64DF2031-114C-4A20-A45A-F2A89B422064",
              "versionEndIncluding": "1.04.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2136l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12486E64-E79B-4A3A-B1C6-2E3C33D8B299",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB304076-7631-48EA-ABF0-F541C341ECBC",
              "versionEndIncluding": "1.08.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-7000l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E305FA72-FC97-4AA0-9508-D8B8961A511C",
              "versionEndIncluding": "1.04.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-7000l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A989B0-848F-48C4-A14A-098FD6007DF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-6212l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "706DA20A-8EF6-4B64-B486-07CDC9F25DB1",
              "versionEndIncluding": "1.00.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-6212l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3B662B4-2A1D-4ECB-9B71-BC6B6524625C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5029l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECC1DA1-433C-4A40-A00E-5CBADA21D2FE",
              "versionEndIncluding": "1.12.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5029l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73E1F0F-71E7-4108-A3E9-34A70351DC05",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19717483-8BBE-4313-AC13-5D56EEB6084D",
              "versionEndIncluding": "2.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2330l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6AB59BB-3D79-45BF-9AA3-62C44A7F25E7",
              "versionEndIncluding": "1.13.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2330l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9A8D3B-14B8-4CF7-8339-6504A21B7E98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E216B5-995F-4AA0-83EC-99AD9B87F582",
              "versionEndIncluding": "2.12.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED5E89C-1745-4C93-A891-F6C819C9E7B7",
              "versionEndIncluding": "2.12.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
    },
    {
      "lang": "es",
      "value": "Las c\u00e1maras DCS de D-Link tienen un archivo CrossDomain.XML d\u00e9bil/inseguro que permite a los sitios que alojan objetos Flash maliciosos acceder y/o cambiar la configuraci\u00f3n del dispositivo a trav\u00e9s de un ataque CSRF. Esto se debe a que el elemento secundario \u0027allow-access-from domain\u0027 se establece en *, aceptando as\u00ed peticiones de cualquier dominio. Si una v\u00edctima conectada a la consola web de la c\u00e1mara visita un sitio malicioso que aloja un archivo Flash malicioso desde otra pesta\u00f1a Navegador, el archivo Flash malicioso puede enviar solicitudes a la Camera de la serie DCS de la v\u00edctima sin conocer las credenciales. Un atacante puede alojar un archivo Flash malicioso que puede recuperar Live Feeds o informaci\u00f3n de la Camera de la serie DCS de la v\u00edctima, a\u00f1adir nuevos usuarios de administraci\u00f3n o realizar otros cambios en el dispositivo. Los dispositivos afectados conocidos son DCS-933L con firmware en versiones anteriores a 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L y DCS-932LB1."
    }
  ],
  "id": "CVE-2017-7852",
  "lastModified": "2024-11-21T03:32:48.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T10:59:00.160",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}