CVE-2018-18767

Published: Dec 20, 2018Modified: Nov 21, 2024

7.0

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials.

Affected (2)

Products: Dlink: Mydlink Baby Camera Monitor · D Link: Dcs 825l Firmware

1 product

Mydlink Baby Camera Monitor

1 product

Dcs 825l Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dlink Mydlink Baby Camera Monitor	Version 2.04.06

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 825l Firmware	Version 1.08

Running on/with	Platform Versions
Dlink Dcs 825l	All versions

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/

Source: cve@mitre.org

ExploitThird Party Advisory

https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.