Vulnerabilites related to dlink - dcs-932l_firmware
Vulnerability from fkie_nvd
Published
2018-12-20 23:29
Modified
2024-11-21 03:55
Severity ?
Summary
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-936l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7BA11A-3EA2-4B51-9F1D-CA490309B8F6",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-936l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28203D6B-3BAD-4317-A43E-FB4F7DF6EB6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F19A9B-F477-4288-A4B6-039769204C90",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-8000lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "800EE948-8756-46AD-9B05-7092A87216E0",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-8000lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C39037E2-5703-46C7-AA44-7E8E8FE1DE62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6125BC-025C-4407-AC47-414821DB33B1",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-825l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E470C8A-9980-4EDD-B3D1-7B9C93714918",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-825l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "465C691A-5068-474F-9BCF-D3CD99388EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2630l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7F10E-CF1D-4C38-B8C1-F987AFAF77EB",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2630l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09D0791-AAE2-4D42-A52D-D8755664BC4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-820l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0520A-9E40-45B0-89FE-D0139D0EFFD9",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D9AF38-6CC7-4651-97E7-7E26583021B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-855l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E40374D0-6021-4AF0-946C-CDC556686768",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-855l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3B756F-053B-43F1-B94E-F02E4B6CFB4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2121_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9A5A20-FD4F-4837-A76B-873EF2C24D0D",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1DE485-2705-4394-BC93-0BE99FE02F12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5222lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68180870-7D72-44E2-AE93-DC7FD03E38C2",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C226B9-0C16-46D2-B169-33D500BFF726",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75848042-1899-41AB-AF25-735F78F91BBA",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6866E6F-BBD2-4C46-8621-466147D0A1B2",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-8100lh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD73EB3-82E4-4F47-B4CD-EE71714BC0F0",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-8100lh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92B26777-214B-47D8-82F9-FFFF200D2228",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "214CB888-1F26-4DB2-B1E7-4CBCB9F71942",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-2102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2B7033-E82D-42C9-BB5F-F32F2E0E4926",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78CD04CA-964A-4D74-B30E-7DC53E1858B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-942lb1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1998AD-B8E2-4725-B50B-86D189DE0442",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942lb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED97B580-A1FF-4207-91E2-8B0DAA6B2277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D43CDA-07AF-41D6-A0DC-A1F550F87901",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A01A5E49-6B5E-4CC5-A4FA-A2E52F31C9BA",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
},
{
"lang": "es",
"value": "Las c\u00e1maras Wi-Fi D-Link Serie DCS exponen informaci\u00f3n sensible relacionada con la configuraci\u00f3n del dispositivo. Los dispositivos afectados incluyen muchos de la serie DCS como: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L y muchos m\u00e1s. Hay muchas versiones de firmware afectadas, comenzando por la 1.00 y siguientes. Se puede acceder de forma remota al archivo de configuraci\u00f3n mediante: Camera-IP/common/info.cgi, sin autenticaci\u00f3n. El archivo de configuraci\u00f3n incluye los siguientes campos: modelo, producto, marca, versi\u00f3n, build, versi\u00f3n de hardware, versi\u00f3n de nipca, nombre del dispositivo, ubicaci\u00f3n, direcci\u00f3n MAC, direcci\u00f3n IP, direcci\u00f3n IP de la puerta de enlace, estado inal\u00e1mbrico, opciones de entrada/salida, altavoz y opciones del sensor."
}
],
"id": "CVE-2018-18441",
"lastModified": "2024-11-21T03:55:56.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T23:29:00.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-24 20:15
Modified
2024-11-21 06:26
Severity ?
Summary
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-932l_firmware | * | |
| dlink | dcs-932l | - | |
| dlink | dcs-5000l_firmware | 1.05 | |
| dlink | dcs-5000l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC03FDD-D493-40AE-8237-49B5CCD8B2A7",
"versionEndIncluding": "2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5000l_firmware:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "623442BE-FC1A-48A1-BEB6-3190D7D5C1B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Un problema de privilegios elevados se presenta en D-Link DCS-5000L versi\u00f3n v1.05 y DCS-932L versi\u00f3n v2.17 y anteriores. El uso de la autenticaci\u00f3n digest para la interfaz de comandos de los dispositivos puede permitir otros vectores de ataque que pueden comprometer la configuraci\u00f3n de las c\u00e1maras y permitir que usuarios maliciosos en la LAN accedan al dispositivo. NOTA: Esta vulnerabilidad s\u00f3lo afecta a los productos que ya no son soportados por el mantenedor."
}
],
"id": "CVE-2021-41504",
"lastModified": "2024-11-21T06:26:20.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-24T20:15:07.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-24 18:55
Modified
2024-11-21 01:42
Severity ?
Summary
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-932l_firmware | 1.02 | |
| dlink | dcs-932l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "556DF6A7-A36E-45BE-B9C3-36957274DEDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
},
{
"lang": "es",
"value": "La c\u00e1mara D-Link DCS-932L con firmware v1.02 permite a atacantes remotos descubrir la contrase\u00f1a a trav\u00e9s de un paquete de difusi\u00f3n UDP, tal y como se demuestra mediante la ejecuci\u00f3n del Asistente para Configuraci\u00f3n de D-Link y la lectura posterior del valor de _paramR [\"P\"].\r\n"
}
],
"id": "CVE-2012-4046",
"lastModified": "2024-11-21T01:42:06.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-24T18:55:02.040",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2012/Dec/98"
},
{
"source": "cve@mitre.org",
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2012/Dec/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-24 20:15
Modified
2024-11-21 06:26
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-932l_firmware | * | |
| dlink | dcs-932l | - | |
| d-link | dcs-5000l_firmware | 1.05 | |
| dlink | dcs-5000l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC03FDD-D493-40AE-8237-49B5CCD8B2A7",
"versionEndIncluding": "2.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dcs-5000l_firmware:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "767926E3-53F8-4787-AD05-0FE62E33200E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** DCS-5000L versi\u00f3n v1.05 y DCS-932L versi\u00f3n v2.17 y anteriores, est\u00e1n afectados por un Control de Acceso Incorrecto. El uso de la autenticaci\u00f3n b\u00e1sica para la interfaz de comandos de los dispositivos permite vectores de ataque que pueden comprometer la configuraci\u00f3n de las c\u00e1maras y permitir que usuarios maliciosos en la LAN accedan al dispositivo. NOTA: Esta vulnerabilidad s\u00f3lo afecta a los productos que ya no son soportados por el mantenedor."
}
],
"id": "CVE-2021-41503",
"lastModified": "2024-11-21T06:26:20.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-09-24T20:15:07.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 10:59
Modified
2024-11-21 03:32
Severity ?
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | Exploit, Mitigation, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2230l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF503030-B07A-432F-9DBC-2003DBDEFC39",
"versionEndIncluding": "1.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2230l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "734A019E-883B-4BE7-AB10-9D50C5C8A8CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D489F126-1717-44B2-AB54-BE7E6E4FD78F",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2332l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCC13A1-D70D-4426-B847-99226E670946",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2332l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D3B4CD-44F9-46D1-870E-5429D73ECCEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-6010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF861B2D-7E7A-4056-A0B9-3F739A4485B1",
"versionEndIncluding": "1.15.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-6010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71C9F4DA-5433-42A8-B321-C2B6CD88822C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-7010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98BE2B94-BAE6-4F60-8347-D065DD2A3F0D",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-7010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F88405D4-6FB3-4E30-B6E8-48F6039FDECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3691A9F1-647D-40D8-80C8-399EF01A9A4C",
"versionEndIncluding": "1.00.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2530l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A05FF4-4847-41C2-946A-F8043481E11F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C37B4A-C985-4449-AF18-57948CDBE39C",
"versionEndIncluding": "1.15.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D370AB5-388C-4368-B679-51CFBA8D5294",
"versionEndIncluding": "2.13.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38BC9948-BF0A-4A1C-9562-4B36E53CC97A",
"versionEndIncluding": "1.13.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9787F3F-4454-4B37-BADE-D700D14C63B2",
"versionEndIncluding": "2.13.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D6B86A-5F52-44C1-A7C7-2B970CDFF6E7",
"versionEndIncluding": "1.04.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E24CC28E-1446-48A3-83FD-ED135D5C8C6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74070833-5E71-47CF-8F02-6D97FCCB55FB",
"versionEndIncluding": "1.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-942l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804D8789-BE83-46F2-8EFB-50C7D2C14823",
"versionEndIncluding": "2.11.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-942l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D04A473-87F2-4B8C-8FBF-BC02CF0DA8FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117AF393-E45E-4A89-B308-7BEF5979D006",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1F2866-F7C1-4EC5-8C46-3DE78CD04AFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "486B9DE3-4CB3-48BA-9F3A-A486179FC782",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59E19806-A378-456E-9F3E-54CE6B519E1B",
"versionEndIncluding": "1.07.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932DF47-F157-445E-8C52-0AAF1377E5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EECBA0D6-CBEA-46C2-8ED9-571531F22408",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D57DC437-96C8-41BD-8120-1949BFD3A8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9150CEBC-2762-4376-BBBE-A13A4BFF17FA",
"versionEndIncluding": "1.13.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5000l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E927400D-887A-4F12-B671-672D0FEC4DB7",
"versionEndIncluding": "1.02.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397F0BCA-7A8B-43A1-939D-27127384228D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D407D08-9881-47BA-9C84-32581E84D38B",
"versionEndIncluding": "1.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B9D7B6-8185-4A44-88B6-2DE8937539A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174E05E4-DE3D-4A2C-BEC7-C171E0BE28AF",
"versionEndIncluding": "1.01.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2210l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC05AE2-089F-4FA5-A7E7-31B6AA9D5F7B",
"versionEndIncluding": "1.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2210l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4773DB8-F8ED-4841-8861-570D9A49E08F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2136l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DF2031-114C-4A20-A45A-F2A89B422064",
"versionEndIncluding": "1.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2136l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12486E64-E79B-4A3A-B1C6-2E3C33D8B299",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB304076-7631-48EA-ABF0-F541C341ECBC",
"versionEndIncluding": "1.08.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-7000l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E305FA72-FC97-4AA0-9508-D8B8961A511C",
"versionEndIncluding": "1.04.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-7000l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A989B0-848F-48C4-A14A-098FD6007DF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-6212l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706DA20A-8EF6-4B64-B486-07CDC9F25DB1",
"versionEndIncluding": "1.00.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-6212l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B662B4-2A1D-4ECB-9B71-BC6B6524625C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5029l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECC1DA1-433C-4A40-A00E-5CBADA21D2FE",
"versionEndIncluding": "1.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5029l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B73E1F0F-71E7-4108-A3E9-34A70351DC05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2310l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19717483-8BBE-4313-AC13-5D56EEB6084D",
"versionEndIncluding": "2.03.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2310l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1DE1F9-002A-4EC9-A482-881A91A121AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2330l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AB59BB-3D79-45BF-9AA3-62C44A7F25E7",
"versionEndIncluding": "1.13.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2330l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9A8D3B-14B8-4CF7-8339-6504A21B7E98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-2132l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E216B5-995F-4AA0-83EC-99AD9B87F582",
"versionEndIncluding": "2.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-2132l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5F1984-B87D-400C-A9FE-8543C40986B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5222l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED5E89C-1745-4C93-A891-F6C819C9E7B7",
"versionEndIncluding": "2.12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5222l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C4B9CD-6029-4B92-8785-1349292EDD69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
},
{
"lang": "es",
"value": "Las c\u00e1maras DCS de D-Link tienen un archivo CrossDomain.XML d\u00e9bil/inseguro que permite a los sitios que alojan objetos Flash maliciosos acceder y/o cambiar la configuraci\u00f3n del dispositivo a trav\u00e9s de un ataque CSRF. Esto se debe a que el elemento secundario \u0027allow-access-from domain\u0027 se establece en *, aceptando as\u00ed peticiones de cualquier dominio. Si una v\u00edctima conectada a la consola web de la c\u00e1mara visita un sitio malicioso que aloja un archivo Flash malicioso desde otra pesta\u00f1a Navegador, el archivo Flash malicioso puede enviar solicitudes a la Camera de la serie DCS de la v\u00edctima sin conocer las credenciales. Un atacante puede alojar un archivo Flash malicioso que puede recuperar Live Feeds o informaci\u00f3n de la Camera de la serie DCS de la v\u00edctima, a\u00f1adir nuevos usuarios de administraci\u00f3n o realizar otros cambios en el dispositivo. Los dispositivos afectados conocidos son DCS-933L con firmware en versiones anteriores a 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L y DCS-932LB1."
}
],
"id": "CVE-2017-7852",
"lastModified": "2024-11-21T03:32:48.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T10:59:00.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-06 20:29
Modified
2024-11-21 04:20
Severity ?
Summary
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dcs-930l_firmware | * | |
| dlink | dcs-930l | - | |
| dlink | dcs-931l_firmware | * | |
| dlink | dcs-931l | - | |
| dlink | dcs-932l_firmware | * | |
| dlink | dcs-932l | - | |
| dlink | dcs-933l_firmware | * | |
| dlink | dcs-933l | - | |
| dlink | dcs-934l_firmware | * | |
| dlink | dcs-934l | - | |
| dlink | dcs-5009l_firmware | * | |
| dlink | dcs-5009l | - | |
| dlink | dcs-5010l_firmware | * | |
| dlink | dcs-5010l | - | |
| dlink | dcs-5020l_firmware | * | |
| dlink | dcs-5020l | - | |
| dlink | dcs-5025l_firmware | * | |
| dlink | dcs-5025l | - | |
| dlink | dcs-5030l_firmware | * | |
| dlink | dcs-5030l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-930l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43D81A6-FAF0-42C0-850E-12258BC2FFFC",
"versionEndIncluding": "2.16.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-930l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24CD425-B7C1-4828-AC1A-1A72A3559746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-931l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87BFDCBA-BFFA-4901-810E-2161B86825A6",
"versionEndIncluding": "1.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-931l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1F2866-F7C1-4EC5-8C46-3DE78CD04AFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B961379-BEA7-441C-BFD9-77278D36E6AC",
"versionEndIncluding": "2.17.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34775D9A-F16B-43C5-A8F4-88C0F9760364",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-933l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C282C-53EB-41C0-A5AC-A7DCD8BD520F",
"versionEndIncluding": "1.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-933l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414352B6-6760-4D78-91FC-5198F62981E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-934l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25A3A23B-E582-44D4-AD09-AD5C83184E99",
"versionEndIncluding": "1.05.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-934l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E24CC28E-1446-48A3-83FD-ED135D5C8C6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5009l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "002EEE1D-DE0C-499A-BE6B-14AF2A9CD0D2",
"versionEndIncluding": "1.08.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5009l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932DF47-F157-445E-8C52-0AAF1377E5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5010l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFCCE20-D8D4-4DF3-8629-06FE695F124D",
"versionEndIncluding": "1.14.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5010l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D57DC437-96C8-41BD-8120-1949BFD3A8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5020l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF7392E-B671-416A-8CAB-EA1B57AD89F2",
"versionEndIncluding": "1.15.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5020l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00912CC-6F2F-4F13-BED1-0DCD4DF965DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5025l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC9555B-16C3-44B2-A462-E56CDB988773",
"versionEndIncluding": "1.03.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5025l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B9D7B6-8185-4A44-88B6-2DE8937539A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dcs-5030l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95C4DA13-FD90-4E6B-9A1C-F5562F6E0A9C",
"versionEndIncluding": "1.04.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dcs-5030l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9A416-A780-4532-8221-5674A7911198",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
},
{
"lang": "es",
"value": "Las series DCS de D-Link de c\u00e1maras Wi-Fi contienen una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en alphapd, el servidor web de la c\u00e1mara. El desbordamiento permite a un atacante autenticado de forma remota ejecutar c\u00f3digo arbitrario proporcionando una cadena larga en el par\u00e1metro WEPEncryption cuando solicita wireless.htm. Los dispositivos vulnerables incluyen DCS-5009L (1.08.11 y anteriores), DCS-5010L (1.14.09 y anteriores), DCS-5020L (1.15.12 y anteriores), DCS-5025L (1.03.07 y anteriores), DCS-5030L (1.04).10 y anteriores), DCS-930L (2.16.01 y anteriores), DCS-931L (1.14.11 y anteriores), DCS-932L (2.17.01y anteriores), DCS-933L (1.14.11 y anteriores) y DCS-934L (1.05.04 y anteriores)."
}
],
"id": "CVE-2019-10999",
"lastModified": "2024-11-21T04:20:19.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-06T20:29:01.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"source": "cve@mitre.org",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-41503
Vulnerability from cvelistv5
Published
2021-09-24 19:26
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:dcs-5000l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcs-5000l_firmware",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "1.05"
}
]
},
{
"cpes": [
"cpe:2.3:o:d-link:dcs-932l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcs-932l_firmware",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-41503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:43:56.690922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:47:54.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T19:47:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41503",
"datePublished": "2021-09-24T19:26:55",
"dateReserved": "2021-09-20T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41504
Vulnerability from cvelistv5
Published
2021-09-24 19:30
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T19:48:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41504",
"datePublished": "2021-09-24T19:30:35",
"dateReserved": "2021-09-20T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7852
Vulnerability from cvelistv5
Published
2017-04-24 10:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:28.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-24T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7852",
"datePublished": "2017-04-24T10:00:00",
"dateReserved": "2017-04-13T00:00:00",
"dateUpdated": "2024-08-05T16:19:28.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4046
Vulnerability from cvelistv5
Published
2012-12-24 18:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046 | x_refsource_MISC | |
| http://seclists.org/bugtraq/2012/Dec/98 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2012/Dec/98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-24T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2012/Dec/98"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046",
"refsource": "MISC",
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Dec/98"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4046",
"datePublished": "2012-12-24T18:00:00Z",
"dateReserved": "2012-07-23T00:00:00Z",
"dateUpdated": "2024-09-17T03:13:29.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10999
Vulnerability from cvelistv5
Published
2019-05-06 19:30
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fuzzywalls/CVE-2019-10999 | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T14:07:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fuzzywalls/CVE-2019-10999",
"refsource": "MISC",
"url": "https://github.com/fuzzywalls/CVE-2019-10999"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10131"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10999",
"datePublished": "2019-05-06T19:30:57",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18441
Vulnerability from cvelistv5
Published
2018-12-20 22:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/",
"refsource": "MISC",
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18441",
"datePublished": "2018-12-20T22:00:00",
"dateReserved": "2018-10-17T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}