Vulnerabilites related to dlink - dcs-932l
Vulnerability from fkie_nvd
Published
2018-12-20 23:29
Modified
2024-11-21 03:55
Severity ?
Summary
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-936l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7BA11A-3EA2-4B51-9F1D-CA490309B8F6",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-936l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28203D6B-3BAD-4317-A43E-FB4F7DF6EB6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F19A9B-F477-4288-A4B6-039769204C90",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-8000lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "800EE948-8756-46AD-9B05-7092A87216E0",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-8000lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C39037E2-5703-46C7-AA44-7E8E8FE1DE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6125BC-025C-4407-AC47-414821DB33B1",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-825l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E470C8A-9980-4EDD-B3D1-7B9C93714918",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-825l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "465C691A-5068-474F-9BCF-D3CD99388EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2630l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7F10E-CF1D-4C38-B8C1-F987AFAF77EB",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2630l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09D0791-AAE2-4D42-A52D-D8755664BC4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-820l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0520A-9E40-45B0-89FE-D0139D0EFFD9",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D9AF38-6CC7-4651-97E7-7E26583021B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-855l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E40374D0-6021-4AF0-946C-CDC556686768",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-855l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3B756F-053B-43F1-B94E-F02E4B6CFB4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2121_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9A5A20-FD4F-4837-A76B-873EF2C24D0D",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1DE485-2705-4394-BC93-0BE99FE02F12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5222lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68180870-7D72-44E2-AE93-DC7FD03E38C2",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C226B9-0C16-46D2-B169-33D500BFF726",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75848042-1899-41AB-AF25-735F78F91BBA",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6866E6F-BBD2-4C46-8621-466147D0A1B2",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-8100lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD73EB3-82E4-4F47-B4CD-EE71714BC0F0",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-8100lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92B26777-214B-47D8-82F9-FFFF200D2228",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "214CB888-1F26-4DB2-B1E7-4CBCB9F71942",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2B7033-E82D-42C9-BB5F-F32F2E0E4926",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78CD04CA-964A-4D74-B30E-7DC53E1858B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D43CDA-07AF-41D6-A0DC-A1F550F87901",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A01A5E49-6B5E-4CC5-A4FA-A2E52F31C9BA",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
},
{
"lang": "es",
"value": "Las c\u00e1maras Wi-Fi D-Link Serie DCS exponen informaci\u00f3n sensible relacionada con la configuraci\u00f3n del dispositivo. Los dispositivos afectados incluyen muchos de la serie DCS como: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L y muchos m\u00e1s. Hay muchas versiones de firmware afectadas, comenzando por la 1.00 y siguientes. Se puede acceder de forma remota al archivo de configuraci\u00f3n mediante: Camera-IP/common/info.cgi, sin autenticaci\u00f3n. El archivo de configuraci\u00f3n incluye los siguientes campos: modelo, producto, marca, versi\u00f3n, build, versi\u00f3n de hardware, versi\u00f3n de nipca, nombre del dispositivo, ubicaci\u00f3n, direcci\u00f3n MAC, direcci\u00f3n IP, direcci\u00f3n IP de la puerta de enlace, estado inal\u00e1mbrico, opciones de entrada/salida, altavoz y opciones del sensor."
}
],
"id": "CVE-2018-18441",
"lastModified": "2024-11-21T03:55:56.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T23:29:00.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-24 20:15
Modified
2024-11-21 06:26
Severity ?
Summary
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-932l_firmware | * | |
| dlink | dcs-932l | - | |
| dlink | dcs-5000l_firmware | 1.05 | |
| dlink | dcs-5000l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC03FDD-D493-40AE-8237-49B5CCD8B2A7",
"versionEndIncluding": "2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5000l_firmware:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "623442BE-FC1A-48A1-BEB6-3190D7D5C1B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Un problema de privilegios elevados se presenta en D-Link DCS-5000L versi\u00f3n v1.05 y DCS-932L versi\u00f3n v2.17 y anteriores. El uso de la autenticaci\u00f3n digest para la interfaz de comandos de los dispositivos puede permitir otros vectores de ataque que pueden comprometer la configuraci\u00f3n de las c\u00e1maras y permitir que usuarios maliciosos en la LAN accedan al dispositivo. NOTA: Esta vulnerabilidad s\u00f3lo afecta a los productos que ya no son soportados por el mantenedor."
}
],
"id": "CVE-2021-41504",
"lastModified": "2024-11-21T06:26:20.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-24T20:15:07.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-24 18:55
Modified
2024-11-21 01:42
Severity ?
Summary
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-932l_firmware | 1.02 | |
| dlink | dcs-932l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "556DF6A7-A36E-45BE-B9C3-36957274DEDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
},
{
"lang": "es",
"value": "La c\u00e1mara D-Link DCS-932L con firmware v1.02 permite a atacantes remotos descubrir la contrase\u00f1a a trav\u00e9s de un paquete de difusi\u00f3n UDP, tal y como se demuestra mediante la ejecuci\u00f3n del Asistente para Configuraci\u00f3n de D-Link y la lectura posterior del valor de _paramR [\"P\"].\r\n"
}
],
"id": "CVE-2012-4046",
"lastModified": "2024-11-21T01:42:06.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-24T18:55:02.040",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2012/Dec/98"
},
{
"source": "cve@mitre.org",
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2012/Dec/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-24 20:15
Modified
2024-11-21 06:26
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-932l_firmware | * | |
| dlink | dcs-932l | - | |
| d-link | dcs-5000l_firmware | 1.05 | |
| dlink | dcs-5000l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC03FDD-D493-40AE-8237-49B5CCD8B2A7",
"versionEndIncluding": "2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5000l_firmware:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "767926E3-53F8-4787-AD05-0FE62E33200E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** DCS-5000L versi\u00f3n v1.05 y DCS-932L versi\u00f3n v2.17 y anteriores, est\u00e1n afectados por un Control de Acceso Incorrecto. El uso de la autenticaci\u00f3n b\u00e1sica para la interfaz de comandos de los dispositivos permite vectores de ataque que pueden comprometer la configuraci\u00f3n de las c\u00e1maras y permitir que usuarios maliciosos en la LAN accedan al dispositivo. NOTA: Esta vulnerabilidad s\u00f3lo afecta a los productos que ya no son soportados por el mantenedor."
}
],
"id": "CVE-2021-41503",
"lastModified": "2024-11-21T06:26:20.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-09-24T20:15:07.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 10:59
Modified
2024-11-21 03:32
Severity ?
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | Exploit, Mitigation, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2230l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF503030-B07A-432F-9DBC-2003DBDEFC39",
"versionEndIncluding": "1.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2230l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734A019E-883B-4BE7-AB10-9D50C5C8A8CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D489F126-1717-44B2-AB54-BE7E6E4FD78F",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2332l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCC13A1-D70D-4426-B847-99226E670946",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2332l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D3B4CD-44F9-46D1-870E-5429D73ECCEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-6010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF861B2D-7E7A-4056-A0B9-3F739A4485B1",
"versionEndIncluding": "1.15.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-6010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71C9F4DA-5433-42A8-B321-C2B6CD88822C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-7010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98BE2B94-BAE6-4F60-8347-D065DD2A3F0D",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-7010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F88405D4-6FB3-4E30-B6E8-48F6039FDECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3691A9F1-647D-40D8-80C8-399EF01A9A4C",
"versionEndIncluding": "1.00.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2530l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A05FF4-4847-41C2-946A-F8043481E11F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C37B4A-C985-4449-AF18-57948CDBE39C",
"versionEndIncluding": "1.15.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D370AB5-388C-4368-B679-51CFBA8D5294",
"versionEndIncluding": "2.13.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38BC9948-BF0A-4A1C-9562-4B36E53CC97A",
"versionEndIncluding": "1.13.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9787F3F-4454-4B37-BADE-D700D14C63B2",
"versionEndIncluding": "2.13.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D6B86A-5F52-44C1-A7C7-2B970CDFF6E7",
"versionEndIncluding": "1.04.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E24CC28E-1446-48A3-83FD-ED135D5C8C6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74070833-5E71-47CF-8F02-6D97FCCB55FB",
"versionEndIncluding": "1.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804D8789-BE83-46F2-8EFB-50C7D2C14823",
"versionEndIncluding": "2.11.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117AF393-E45E-4A89-B308-7BEF5979D006",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1F2866-F7C1-4EC5-8C46-3DE78CD04AFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "486B9DE3-4CB3-48BA-9F3A-A486179FC782",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59E19806-A378-456E-9F3E-54CE6B519E1B",
"versionEndIncluding": "1.07.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932DF47-F157-445E-8C52-0AAF1377E5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EECBA0D6-CBEA-46C2-8ED9-571531F22408",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D57DC437-96C8-41BD-8120-1949BFD3A8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9150CEBC-2762-4376-BBBE-A13A4BFF17FA",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5000l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E927400D-887A-4F12-B671-672D0FEC4DB7",
"versionEndIncluding": "1.02.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D407D08-9881-47BA-9C84-32581E84D38B",
"versionEndIncluding": "1.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B9D7B6-8185-4A44-88B6-2DE8937539A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174E05E4-DE3D-4A2C-BEC7-C171E0BE28AF",
"versionEndIncluding": "1.01.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2210l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC05AE2-089F-4FA5-A7E7-31B6AA9D5F7B",
"versionEndIncluding": "1.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2210l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4773DB8-F8ED-4841-8861-570D9A49E08F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2136l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DF2031-114C-4A20-A45A-F2A89B422064",
"versionEndIncluding": "1.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2136l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12486E64-E79B-4A3A-B1C6-2E3C33D8B299",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB304076-7631-48EA-ABF0-F541C341ECBC",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-7000l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E305FA72-FC97-4AA0-9508-D8B8961A511C",
"versionEndIncluding": "1.04.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-7000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A989B0-848F-48C4-A14A-098FD6007DF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-6212l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706DA20A-8EF6-4B64-B486-07CDC9F25DB1",
"versionEndIncluding": "1.00.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-6212l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B662B4-2A1D-4ECB-9B71-BC6B6524625C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5029l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECC1DA1-433C-4A40-A00E-5CBADA21D2FE",
"versionEndIncluding": "1.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5029l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B73E1F0F-71E7-4108-A3E9-34A70351DC05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19717483-8BBE-4313-AC13-5D56EEB6084D",
"versionEndIncluding": "2.03.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2330l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AB59BB-3D79-45BF-9AA3-62C44A7F25E7",
"versionEndIncluding": "1.13.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2330l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9A8D3B-14B8-4CF7-8339-6504A21B7E98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E216B5-995F-4AA0-83EC-99AD9B87F582",
"versionEndIncluding": "2.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED5E89C-1745-4C93-A891-F6C819C9E7B7",
"versionEndIncluding": "2.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
},
{
"lang": "es",
"value": "Las c\u00e1maras DCS de D-Link tienen un archivo CrossDomain.XML d\u00e9bil/inseguro que permite a los sitios que alojan objetos Flash maliciosos acceder y/o cambiar la configuraci\u00f3n del dispositivo a trav\u00e9s de un ataque CSRF. Esto se debe a que el elemento secundario \u0027allow-access-from domain\u0027 se establece en *, aceptando as\u00ed peticiones de cualquier dominio. Si una v\u00edctima conectada a la consola web de la c\u00e1mara visita un sitio malicioso que aloja un archivo Flash malicioso desde otra pesta\u00f1a Navegador, el archivo Flash malicioso puede enviar solicitudes a la Camera de la serie DCS de la v\u00edctima sin conocer las credenciales. Un atacante puede alojar un archivo Flash malicioso que puede recuperar Live Feeds o informaci\u00f3n de la Camera de la serie DCS de la v\u00edctima, a\u00f1adir nuevos usuarios de administraci\u00f3n o realizar otros cambios en el dispositivo. Los dispositivos afectados conocidos son DCS-933L con firmware en versiones anteriores a 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L y DCS-932LB1."
}
],
"id": "CVE-2017-7852",
"lastModified": "2024-11-21T03:32:48.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T10:59:00.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-06 20:29
Modified
2024-11-21 04:20
Severity ?
Summary
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-930l_firmware | * | |
| dlink | dcs-930l | - | |
| dlink | dcs-931l_firmware | * | |
| dlink | dcs-931l | - | |
| dlink | dcs-932l_firmware | * | |
| dlink | dcs-932l | - | |
| dlink | dcs-933l_firmware | * | |
| dlink | dcs-933l | - | |
| dlink | dcs-934l_firmware | * | |
| dlink | dcs-934l | - | |
| dlink | dcs-5009l_firmware | * | |
| dlink | dcs-5009l | - | |
| dlink | dcs-5010l_firmware | * | |
| dlink | dcs-5010l | - | |
| dlink | dcs-5020l_firmware | * | |
| dlink | dcs-5020l | - | |
| dlink | dcs-5025l_firmware | * | |
| dlink | dcs-5025l | - | |
| dlink | dcs-5030l_firmware | * | |
| dlink | dcs-5030l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43D81A6-FAF0-42C0-850E-12258BC2FFFC",
"versionEndIncluding": "2.16.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87BFDCBA-BFFA-4901-810E-2161B86825A6",
"versionEndIncluding": "1.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1F2866-F7C1-4EC5-8C46-3DE78CD04AFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B961379-BEA7-441C-BFD9-77278D36E6AC",
"versionEndIncluding": "2.17.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C282C-53EB-41C0-A5AC-A7DCD8BD520F",
"versionEndIncluding": "1.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A23B-E582-44D4-AD09-AD5C83184E99",
"versionEndIncluding": "1.05.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E24CC28E-1446-48A3-83FD-ED135D5C8C6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "002EEE1D-DE0C-499A-BE6B-14AF2A9CD0D2",
"versionEndIncluding": "1.08.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932DF47-F157-445E-8C52-0AAF1377E5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFCCE20-D8D4-4DF3-8629-06FE695F124D",
"versionEndIncluding": "1.14.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D57DC437-96C8-41BD-8120-1949BFD3A8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF7392E-B671-416A-8CAB-EA1B57AD89F2",
"versionEndIncluding": "1.15.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC9555B-16C3-44B2-A462-E56CDB988773",
"versionEndIncluding": "1.03.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B9D7B6-8185-4A44-88B6-2DE8937539A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95C4DA13-FD90-4E6B-9A1C-F5562F6E0A9C",
"versionEndIncluding": "1.04.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
},
{
"lang": "es",
"value": "Las series DCS de D-Link de c\u00e1maras Wi-Fi contienen una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en alphapd, el servidor web de la c\u00e1mara. El desbordamiento permite a un atacante autenticado de forma remota ejecutar c\u00f3digo arbitrario proporcionando una cadena larga en el par\u00e1metro WEPEncryption cuando solicita wireless.htm. Los dispositivos vulnerables incluyen DCS-5009L (1.08.11 y anteriores), DCS-5010L (1.14.09 y anteriores), DCS-5020L (1.15.12 y anteriores), DCS-5025L (1.03.07 y anteriores), DCS-5030L (1.04).10 y anteriores), DCS-930L (2.16.01 y anteriores), DCS-931L (1.14.11 y anteriores), DCS-932L (2.17.01y anteriores), DCS-933L (1.14.11 y anteriores) y DCS-934L (1.05.04 y anteriores)."
}
],
"id": "CVE-2019-10999",
"lastModified": "2024-11-21T04:20:19.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-06T20:29:01.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"source": "cve@mitre.org",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-41503
Vulnerability from cvelistv5
Published
2021-09-24 19:26
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:dcs-5000l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcs-5000l_firmware",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "1.05"
}
]
},
{
"cpes": [
"cpe:2.3:o:d-link:dcs-932l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcs-932l_firmware",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-41503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:43:56.690922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:47:54.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T19:47:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41503",
"datePublished": "2021-09-24T19:26:55",
"dateReserved": "2021-09-20T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41504
Vulnerability from cvelistv5
Published
2021-09-24 19:30
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T19:48:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41504",
"datePublished": "2021-09-24T19:30:35",
"dateReserved": "2021-09-20T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7852
Vulnerability from cvelistv5
Published
2017-04-24 10:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:28.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-24T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7852",
"datePublished": "2017-04-24T10:00:00",
"dateReserved": "2017-04-13T00:00:00",
"dateUpdated": "2024-08-05T16:19:28.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4046
Vulnerability from cvelistv5
Published
2012-12-24 18:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046 | x_refsource_MISC | |
| http://seclists.org/bugtraq/2012/Dec/98 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2012/Dec/98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-24T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2012/Dec/98"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046",
"refsource": "MISC",
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Dec/98"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4046",
"datePublished": "2012-12-24T18:00:00Z",
"dateReserved": "2012-07-23T00:00:00Z",
"dateUpdated": "2024-09-17T03:13:29.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10999
Vulnerability from cvelistv5
Published
2019-05-06 19:30
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fuzzywalls/CVE-2019-10999 | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T14:07:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fuzzywalls/CVE-2019-10999",
"refsource": "MISC",
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10999",
"datePublished": "2019-05-06T19:30:57",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18441
Vulnerability from cvelistv5
Published
2018-12-20 22:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/",
"refsource": "MISC",
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18441",
"datePublished": "2018-12-20T22:00:00",
"dateReserved": "2018-10-17T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201212-0024
Vulnerability from variot
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. D-Link DCS-932L Cloud Camera is a home infrared wireless network camera cloud camera. D-Link DCS-932L Cloud Camera has an error when processing UDP requests for device passwords. D-Link DCS-932L is prone to an information-disclosure vulnerability. D-Link DCS-932L 1.02 is vulnerable; other versions may also be affected.
CVE-2012-4046
Details: http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046 . ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: D-Link DCS-932L Password Request Handling Security Issue
SECUNIA ADVISORY ID: SA51610
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51610/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51610
RELEASE DATE: 2012-12-20
DISCUSS ADVISORY: http://secunia.com/advisories/51610/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51610/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51610
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Jason Doyle has reported a security issue in D-Link DCS-932L, which can be exploited by malicious people to gain knowledge of sensitive information.
The vulnerability is reported in firmware version 1.02.
SOLUTION: No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY: Jason Doyle
ORIGINAL ADVISORY: http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0024",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-932l",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "1.02"
},
{
"model": "dcs-932l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dcs-932l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02"
},
{
"model": "dcs-932l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-932l cloud camera",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1100"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
},
{
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dcs-932l_camera",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jason Doyle",
"sources": [
{
"db": "BID",
"id": "57011"
},
{
"db": "PACKETSTORM",
"id": "118850"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
}
],
"trust": 1.0
},
"cve": "CVE-2012-4046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2012-4046",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-57327",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4046",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-4046",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-301",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-57327",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57327"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
},
{
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value. D-Link DCS-932L Cloud Camera is a home infrared wireless network camera cloud camera. D-Link DCS-932L Cloud Camera has an error when processing UDP requests for device passwords. D-Link DCS-932L is prone to an information-disclosure vulnerability. \nD-Link DCS-932L 1.02 is vulnerable; other versions may also be affected. \n\nCVE-2012-4046\n\nDetails:\nhttp://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046\n. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DCS-932L Password Request Handling Security Issue\n\nSECUNIA ADVISORY ID:\nSA51610\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51610/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51610\n\nRELEASE DATE:\n2012-12-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51610/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51610/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51610\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nJason Doyle has reported a security issue in D-Link DCS-932L, which\ncan be exploited by malicious people to gain knowledge of sensitive\ninformation. \n\nThe vulnerability is reported in firmware version 1.02. \n\nSOLUTION:\nNo official solution is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nJason Doyle\n\nORIGINAL ADVISORY:\nhttp://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4046"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"db": "BID",
"id": "57011"
},
{
"db": "VULHUB",
"id": "VHN-57327"
},
{
"db": "PACKETSTORM",
"id": "118850"
},
{
"db": "PACKETSTORM",
"id": "118979"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-57327",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57327"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4046",
"trust": 3.6
},
{
"db": "SECUNIA",
"id": "51610",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-7615",
"trust": 0.6
},
{
"db": "BID",
"id": "57011",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "118850",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-60527",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-57327",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "118979",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"db": "VULHUB",
"id": "VHN-57327"
},
{
"db": "BID",
"id": "57011"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"db": "PACKETSTORM",
"id": "118850"
},
{
"db": "PACKETSTORM",
"id": "118979"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
},
{
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"id": "VAR-201212-0024",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"db": "VULHUB",
"id": "VHN-57327"
}
],
"trust": 1.5076923199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7615"
}
]
},
"last_update_date": "2024-11-23T22:23:16.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DCS-932L",
"trust": 0.8,
"url": "http://mydlink.dlink.com/products/DCS-932L"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57327"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"trust": 1.7,
"url": "http://seclists.org/bugtraq/2012/dec/98"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4046"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4046"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/51610/http"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4046"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51610/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51610"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51610/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"db": "VULHUB",
"id": "VHN-57327"
},
{
"db": "BID",
"id": "57011"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"db": "PACKETSTORM",
"id": "118850"
},
{
"db": "PACKETSTORM",
"id": "118979"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
},
{
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"db": "VULHUB",
"id": "VHN-57327"
},
{
"db": "BID",
"id": "57011"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"db": "PACKETSTORM",
"id": "118850"
},
{
"db": "PACKETSTORM",
"id": "118979"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
},
{
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"date": "2012-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-57327"
},
{
"date": "2012-12-20T00:00:00",
"db": "BID",
"id": "57011"
},
{
"date": "2012-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"date": "2012-12-14T17:22:22",
"db": "PACKETSTORM",
"id": "118850"
},
{
"date": "2012-12-21T08:02:15",
"db": "PACKETSTORM",
"id": "118979"
},
{
"date": "2012-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-301"
},
{
"date": "2012-12-24T18:55:02.040000",
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"date": "2015-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-57327"
},
{
"date": "2012-12-20T00:00:00",
"db": "BID",
"id": "57011"
},
{
"date": "2012-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005793"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-301"
},
{
"date": "2024-11-21T01:42:06.563000",
"db": "NVD",
"id": "CVE-2012-4046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DCS-932L Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7615"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-301"
}
],
"trust": 0.6
}
}
var-201812-0065
Vulnerability from variot
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: /common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. / Output settings, speaker and sensor settings information, etc. D-Link DCS-936L, etc. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1; 5222LB1; DCS-5020L, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-936l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-942l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-8000lh",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-942lb1",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5222l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-825l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2630l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-820l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-855l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2121",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dcs-930l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-5030l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-933l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-5222l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-936l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-825l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-2630l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-942lb1",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-5222lb1",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-8100lh",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-932l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-2102",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-942l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-5020l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dcs-820l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-2121",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-8000lh",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-855l",
"scope": "gte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dcs-5222lb1",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5020l",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 942lb1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 936l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2121",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5222lb1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5020l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 930l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 8100lh",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 932l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2102",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 933l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5030l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 942l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 8000lh",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5222l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 825l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2630l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 820l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 855l",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dcs-2121_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2630l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5222l__firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-8000lh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-820l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-825l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-855l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-936l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-942l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-942lb1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
}
]
},
"cve": "CVE-2018-18441",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-18441",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-26797",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d831f62-463f-11e9-8196-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-129001",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-18441",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18441",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-18441",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-26797",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-968",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. / Output settings, speaker and sensor settings information, etc. D-Link DCS-936L, etc. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1; 5222LB1; DCS-5020L, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18441"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-129001"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18441",
"trust": 3.3
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-26797",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D831F62-463F-11E9-8196-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-129001",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"id": "VAR-201812-0065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
}
],
"trust": 1.5519531171428573
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
}
]
},
"last_update_date": "2024-11-23T22:41:38.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18441"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18441"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"db": "VULHUB",
"id": "VHN-129001"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-28T00:00:00",
"db": "IVD",
"id": "7d831f62-463f-11e9-8196-000c29342cb1"
},
{
"date": "2018-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"date": "2018-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-129001"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"date": "2018-12-20T23:29:00.707000",
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-26797"
},
{
"date": "2019-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-129001"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014473"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-968"
},
{
"date": "2024-11-21T03:55:56.640000",
"db": "NVD",
"id": "CVE-2018-18441"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link DCS series Product Wi-Fi Information disclosure vulnerability in cameras",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-968"
}
],
"trust": 0.6
}
}
var-202109-1107
Vulnerability from variot
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DCS-5000L and DCS-932L There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera.
D-Link DCS-5000L and DCS-932L have security vulnerabilities, which stem from the lack of effective trust management mechanisms in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1107",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-5000l",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "1.05"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.17"
},
{
"model": "dcs-932l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5000l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=2.17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"cve": "CVE-2021-41503",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2021-41503",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-94831",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2021-41503",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41503",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41503",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-41503",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41503",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-94831",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1686",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-41503",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"db": "VULMON",
"id": "CVE-2021-41503"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1686"
},
{
"db": "NVD",
"id": "CVE-2021-41503"
},
{
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DCS-5000L and DCS-932L There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera. \n\r\n\r\nD-Link DCS-5000L and DCS-932L have security vulnerabilities, which stem from the lack of effective trust management mechanisms in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41503"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"db": "VULMON",
"id": "CVE-2021-41503"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41503",
"trust": 3.9
},
{
"db": "DLINK",
"id": "SAP10247",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94831",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1686",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41503",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"db": "VULMON",
"id": "CVE-2021-41503"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1686"
},
{
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"id": "VAR-202109-1107",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
}
],
"trust": 1.229120885
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
}
]
},
"last_update_date": "2024-11-23T22:37:01.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Patch for D-Link DCS-5000L and DCS-932L authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/302891"
},
{
"title": "D-link Dcs-932L and D-link Dcs-5000L Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164768"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1686"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41503"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10247"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"db": "VULMON",
"id": "CVE-2021-41503"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1686"
},
{
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"db": "VULMON",
"id": "CVE-2021-41503"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1686"
},
{
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"date": "2021-09-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41503"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"date": "2021-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1686"
},
{
"date": "2021-09-24T20:15:07.373000",
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94831"
},
{
"date": "2021-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41503"
},
{
"date": "2022-08-31T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-012454"
},
{
"date": "2021-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1686"
},
{
"date": "2024-11-21T06:26:20.110000",
"db": "NVD",
"id": "CVE-2021-41503"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1686"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DCS-5000L\u00a0 and \u00a0DCS-932L\u00a0 Authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012454"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1686"
}
],
"trust": 0.6
}
}
var-202109-1847
Vulnerability from variot
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DCS-5000L and DCS-932L Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1847",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-5000l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.17"
},
{
"model": "dcs-932l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5000l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5000l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.05"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=2.17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"cve": "CVE-2021-41504",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2021-41504",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-94833",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2021-41504",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41504",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41504",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41504",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-94833",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1690",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-41504",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"db": "VULMON",
"id": "CVE-2021-41504"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1690"
},
{
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DCS-5000L and DCS-932L Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41504"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"db": "VULMON",
"id": "CVE-2021-41504"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41504",
"trust": 3.9
},
{
"db": "DLINK",
"id": "SAP10247",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94833",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1690",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41504",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"db": "VULMON",
"id": "CVE-2021-41504"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1690"
},
{
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"id": "VAR-202109-1847",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
}
],
"trust": 1.229120885
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
}
]
},
"last_update_date": "2024-11-23T22:37:01.428000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Patch for D-Link DCS-5000L and DCS-932L privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/302896"
},
{
"title": "D-link Dcs-932L and D-link Dcs-5000L Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164770"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1690"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41504"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10247"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"db": "VULMON",
"id": "CVE-2021-41504"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1690"
},
{
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"db": "VULMON",
"id": "CVE-2021-41504"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1690"
},
{
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"date": "2021-09-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41504"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"date": "2021-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1690"
},
{
"date": "2021-09-24T20:15:07.437000",
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94833"
},
{
"date": "2021-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41504"
},
{
"date": "2022-08-31T07:40:00",
"db": "JVNDB",
"id": "JVNDB-2021-012453"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1690"
},
{
"date": "2024-11-21T06:26:20.360000",
"db": "NVD",
"id": "CVE-2021-41504"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1690"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0DCS-5000L\u00a0 and \u00a0DCS-932L\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012453"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1690"
}
],
"trust": 0.6
}
}
var-201704-1588
Vulnerability from variot
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. plural D-Link DCS The camera contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDCS-933L is a wireless surveillance camera device from D-Link. There are security holes in several D-LinkDCS cameras. D-Link DCS-933L, etc. The following products are affected: D-Link DCS-5030L; DCS-5020L; DCS-2530L; DCS-2630L;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-931l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-933l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-2136l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.01"
},
{
"model": "dcs-6212l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00.12"
},
{
"model": "dcs-2132l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.12.00"
},
{
"model": "dcs-942l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.27"
},
{
"model": "dcs-5029l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12.00"
},
{
"model": "dcs-5000l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02.02"
},
{
"model": "dcs-5009l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.07.05"
},
{
"model": "dcs-2530l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00.21"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.04"
},
{
"model": "dcs-942l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.11.03"
},
{
"model": "dcs-6010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15.01"
},
{
"model": "dcs-2332l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-5010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-2310l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-5030l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01.06"
},
{
"model": "dcs-7010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15.04"
},
{
"model": "dcs-2210l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03.01"
},
{
"model": "dcs-2132l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.01"
},
{
"model": "dcs-2230l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03.01"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.13.15"
},
{
"model": "dcs-5020l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.05"
},
{
"model": "dcs-7000l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.00"
},
{
"model": "dcs-5222l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.12.00"
},
{
"model": "dcs-934l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.15"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.13.15"
},
{
"model": "dcs-5025l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02.10"
},
{
"model": "dcs-2330l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.00"
},
{
"model": "dcs-2310l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.03.00"
},
{
"model": "dcs-2132l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2136l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2210l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2230l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2310l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2330l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2332l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-2530l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5000l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5009l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5010l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5020l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5025l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5029l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5030l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5222l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-6010l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-6212l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-7000l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-7010l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-930l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-931l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-932l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-933l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-934l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-942l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-933l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-5030l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-5020l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-2530l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-2630l",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.05"
},
{
"model": "dcs-7000l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.04.00"
},
{
"model": "dcs-2136l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.04.01"
},
{
"model": "dcs-5000l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02.02"
},
{
"model": "dcs-5029l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.12.00"
},
{
"model": "dcs-2310l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.03.00"
},
{
"model": "dcs-2330l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.13.00"
},
{
"model": "dcs-2132l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.12.00"
},
{
"model": "dcs-2132l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.08.01"
},
{
"model": "dcs-2210l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.03.01"
},
{
"model": "dcs-5025l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 932l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 942l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 2310l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 2132l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dcs 930l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2230l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 934l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 931l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 933l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5009l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5010l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5020l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5000l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5025l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5030l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2210l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2136l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 7000l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 6212l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5222l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 5029l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2332l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2330l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 6010l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 7010l",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dcs 2530l",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dcs-2132l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2136l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2210l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2230l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2310l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2330l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2332l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-2530l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5000l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5009l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5020l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5025l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5029l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5030l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5222l__firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-6010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-6212l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-7000l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-7010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-930l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-931l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-933l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-934l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-942l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
}
]
},
"cve": "CVE-2017-7852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-7852",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-06729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-116055",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7852",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7852",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7852",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-06729",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-783",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-116055",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. plural D-Link DCS The camera contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDCS-933L is a wireless surveillance camera device from D-Link. There are security holes in several D-LinkDCS cameras. D-Link DCS-933L, etc. The following products are affected: D-Link DCS-5030L; DCS-5020L; DCS-2530L; DCS-2630L;",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7852"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "VULHUB",
"id": "VHN-116055"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-116055",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116055"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7852",
"trust": 3.3
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-06729",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648",
"trust": 0.8
},
{
"db": "IVD",
"id": "76B829DA-D734-4842-BAE5-3DD9FF5F23DC",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "42074",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142702",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-116055",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"id": "VAR-201704-1588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
}
],
"trust": 1.575429490909091
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
}
]
},
"last_update_date": "2024-11-23T21:54:06.989000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://us.dlink.com/"
},
{
"title": "Patch for D-LinkDCS Cross-site Forgery Request Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93817"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7852"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7852"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"db": "VULHUB",
"id": "VHN-116055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-16T00:00:00",
"db": "IVD",
"id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
},
{
"date": "2017-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"date": "2017-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-116055"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"date": "2017-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"date": "2017-04-24T10:59:00.160000",
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06729"
},
{
"date": "2017-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-116055"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003648"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-783"
},
{
"date": "2024-11-21T03:32:48.153000",
"db": "NVD",
"id": "CVE-2017-7852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link DCS Cross-site request forgery vulnerability in camera",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-783"
}
],
"trust": 0.6
}
}
var-201905-1066
Vulnerability from variot
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). plural D-Link DCS series Product Wi-Fi camera Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DCS-5009L and so on are all DCS series IP cameras produced by Taiwan D-Link Company. Alphapd in several D-Link products has a stack-based buffer overflow vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: D-Link DCS-5009L 1.08.11 and earlier; DCS-5010L 1.14.09 and earlier; DCS-5020L 1.15.12 and earlier; DCS-5025L 1.03.07 and earlier; DCS-5030L 1.04.10 and earlier; DCS-930L 2.16.01 and earlier; DCS-931L 1.14.11 and earlier; DCS-932L 2.17.01 and earlier; DCS-933L 1.14.11 and earlier; DCS-934L 1.05.04 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-934l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05.04"
},
{
"model": "dcs-5030l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04.10"
},
{
"model": "dcs-5009l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08.11"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.17.01"
},
{
"model": "dcs-931l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.11"
},
{
"model": "dcs-933l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.11"
},
{
"model": "dcs-5025l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03.07"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.16.01"
},
{
"model": "dcs-5010l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14.09"
},
{
"model": "dcs-5020l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15.12"
},
{
"model": "dcs-5009l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.08.11"
},
{
"model": "dcs-5010l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14.09"
},
{
"model": "dcs-5020l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.15.12"
},
{
"model": "dcs-5025l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.03.07"
},
{
"model": "dcs-5030l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.04.10"
},
{
"model": "dcs-930l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.16.01"
},
{
"model": "dcs-931l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14.11"
},
{
"model": "dcs-932l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.17.01"
},
{
"model": "dcs-933l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14.11"
},
{
"model": "dcs-934l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.05.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dcs-5009l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5010l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5020l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5025l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-5030l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-930l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-931l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-933l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dcs-934l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
}
]
},
"cve": "CVE-2019-10999",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-10999",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-142601",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-10999",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10999",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10999",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142601",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-10999",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). plural D-Link DCS series Product Wi-Fi camera Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DCS-5009L and so on are all DCS series IP cameras produced by Taiwan D-Link Company. Alphapd in several D-Link products has a stack-based buffer overflow vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: D-Link DCS-5009L 1.08.11 and earlier; DCS-5010L 1.14.09 and earlier; DCS-5020L 1.15.12 and earlier; DCS-5025L 1.03.07 and earlier; DCS-5030L 1.04.10 and earlier; DCS-930L 2.16.01 and earlier; DCS-931L 1.14.11 and earlier; DCS-932L 2.17.01 and earlier; DCS-933L 1.14.11 and earlier; DCS-934L 1.05.04 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10999",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10131",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142601",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-10999",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"id": "VAR-201905-1066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
}
],
"trust": 0.7245163080000001
},
"last_update_date": "2024-11-23T22:12:01.266000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
},
{
"title": "CVE-2019-10999",
"trust": 0.1,
"url": "https://github.com/qjh2333/CVE-2019-10999 "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/fuzzywalls/cve-2019-10999"
},
{
"trust": 1.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10131"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10999"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10999"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/qjh2333/cve-2019-10999"
},
{
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142601"
},
{
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-142601"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"date": "2019-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"date": "2019-05-06T20:29:01.210000",
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142601"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10999"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004361"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-138"
},
{
"date": "2024-11-21T04:20:19.520000",
"db": "NVD",
"id": "CVE-2019-10999"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link DCS series Product Wi-Fi camera Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-138"
}
],
"trust": 0.6
}
}