Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-8409

An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.

Published

2019-07-02T20:15:11.043

Last Modified

2024-11-21T03:33:58.840

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-285

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dcs-1130_firmware	-	Yes
Hardware	dlink	dcs-1130	-	No

References

http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html Third Party Advisory, VDB Entry ([email protected])
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf Exploit, Third Party Advisory ([email protected])
https://seclists.org/bugtraq/2019/Jun/8 Mailing List, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jun/8 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)