CVE-2021-41503

Published: Sep 24, 2021Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Affected (2)

Products: Dlink: Dcs 932l Firmware · D Link: Dcs 5000l Firmware

1 product

Dcs 932l Firmware

1 product

Dcs 5000l Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 932l Firmware	Up to 2.17

Running on/with	Platform Versions
Dlink Dcs 932l	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dcs 5000l Firmware	Version 1.05

Running on/with	Platform Versions
Dlink Dcs 5000l	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247

Source: cve@mitre.org

Vendor Advisory

https://www.dlink.com/en/security-bulletin/

Source: cve@mitre.org

Vendor Advisory

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.dlink.com/en/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.