← Voltar para CVEs
CVE-2017-8409
HIGH7.5
Descricao
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado7/2/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
dlink:dcs-1130dlink:dcs-1130_firmware
Fraquezas (CWE)
CWE-285
Referencias
http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html(cve@mitre.org)
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jun/8(cve@mitre.org)
http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jun/8(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.