CVE-2018-18441

Published: Dec 20, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.

Affected (18)

Products: D Link: Dcs 936l Firmware, Dcs 8000lh Firmware, Dcs 5222l Firmware, Dcs 825l Firmware, Dcs 2630l Firmware, Dcs 820l Firmware, Dcs 855l Firmware, Dcs 2121 Firmware, Dcs 5222lb1 Firmware, Dcs 8100lh Firmware, Dcs 2102 Firmware, Dcs 942lb1 Firmware · Dlink: Dcs 942l Firmware, Dcs 5020l Firmware, Dcs 930l Firmware, Dcs 932l Firmware, Dcs 933l Firmware, Dcs 5030l Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 936l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 936l	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 942l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 942l	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 8000lh Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 8000lh	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 5222l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 5222l	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 825l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 825l	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 2630l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 2630l	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 820l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 820l	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 855l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 855l	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 2121 Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 2121	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 5222lb1 Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 5222lb1	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 5020l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 5020l	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 930l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 930l	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 8100lh Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 8100lh	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 932l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 932l	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 2102 Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 2102	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 942lb1 Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 942lb1	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 933l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 933l	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 5030l Firmware	From 1.00

Running on/with	Platform Versions
Dlink Dcs 5030l	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/

Source: cve@mitre.org

ExploitThird Party Advisory

https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.