Search

Find a vulnerability

Search criteria

    15 vulnerabilities found for dcs-932l by dlink

    VAR-202506-0305

    Vulnerability from variot - Updated: 2025-07-17 23:41

    A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter AdminID in the file /setSystemAdmin failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0305",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dcs-932l  firmware  2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "cve": "CVE-2025-5571",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5571",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008997",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12283",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5571",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5571",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008997",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5571",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-5571",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-008997",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12283",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter AdminID in the file /setSystemAdmin failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5571",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311028",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "id": "VAR-202506-0305",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          }
        ],
        "trust": 1.21538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          }
        ]
      },
      "last_update_date": "2025-07-17T23:41:06.447000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/wudipjq/my_vuln/blob/main/d-link5/vuln_42/42.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311028"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.588465"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311028"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5571"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          },
          {
            "date": "2025-07-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "date": "2025-06-04T06:15:22.190000",
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12283"
          },
          {
            "date": "2025-07-16T06:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          },
          {
            "date": "2025-07-15T17:22:25.537000",
            "db": "NVD",
            "id": "CVE-2025-5571"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DCS-932L\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008997"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0348

    Vulnerability from variot - Updated: 2025-06-15 23:46

    A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter EmailSMTPPortNumber in the file /setSystemEmail failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0348",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dcs-932l  firmware  2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "cve": "CVE-2025-5572",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5572",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006453",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12284",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5572",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-5572",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006453",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5572",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-5572",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006453",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12284",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter EmailSMTPPortNumber in the file /setSystemEmail failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5572",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311029",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "id": "VAR-202506-0348",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          }
        ],
        "trust": 1.21538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          }
        ]
      },
      "last_update_date": "2025-06-15T23:46:07.271000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/wudipjq/my_vuln/blob/main/d-link5/vuln_43/43.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311029"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.588466"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311029"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5572"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          },
          {
            "date": "2025-06-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "date": "2025-06-04T06:15:22.437000",
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12284"
          },
          {
            "date": "2025-06-09T01:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          },
          {
            "date": "2025-06-06T18:48:37.333000",
            "db": "NVD",
            "id": "CVE-2025-5572"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DCS-932L\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006453"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0230

    Vulnerability from variot - Updated: 2025-06-15 23:30

    A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring.

    D-Link DCS-932L has a command injection vulnerability, which is caused by the parameter AdminID in the file /setSystemWizard failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0230",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dcs-932l  firmware  2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "cve": "CVE-2025-5573",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5573",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006494",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12282",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5573",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-5573",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006494",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5573",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-5573",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006494",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12282",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. \n\nD-Link DCS-932L has a command injection vulnerability, which is caused by the parameter AdminID in the file /setSystemWizard failing to properly filter special characters and commands in the constructed command. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5573",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311030",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "id": "VAR-202506-0230",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          }
        ],
        "trust": 1.21538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          }
        ]
      },
      "last_update_date": "2025-06-15T23:30:16.351000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/wudipjq/my_vuln/blob/main/d-link5/vuln_44/44.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311030"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.588467"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311030"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5573"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          },
          {
            "date": "2025-06-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "date": "2025-06-04T06:15:22.677000",
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12282"
          },
          {
            "date": "2025-06-10T00:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          },
          {
            "date": "2025-06-06T18:48:46.463000",
            "db": "NVD",
            "id": "CVE-2025-5573"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DCS-932L\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006494"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-1786

    Vulnerability from variot - Updated: 2025-06-06 23:25

    A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter CameraName in the file /sbin/ucp failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1786",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dcs-932l  firmware  2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "cve": "CVE-2025-4842",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4842",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006319",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-10948",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4842",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-4842",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006319",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4842",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-4842",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006319",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-10948",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter CameraName in the file /sbin/ucp failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4842",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "309310",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "id": "VAR-202505-1786",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          }
        ],
        "trust": 1.21538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          }
        ]
      },
      "last_update_date": "2025-06-06T23:25:55.278000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/beacox/iot_vuln/tree/main/d-link/dcs-932l/ucp_bof"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.309310"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.574925"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.309310"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4842"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          },
          {
            "date": "2025-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "date": "2025-05-17T23:15:36.617000",
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10948"
          },
          {
            "date": "2025-06-05T05:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          },
          {
            "date": "2025-06-04T20:11:46.547000",
            "db": "NVD",
            "id": "CVE-2025-4842"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DCS-932L\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006319"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-1807

    Vulnerability from variot - Updated: 2025-06-06 23:24

    A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter CameraName in the file /bin/gpio failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1807",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dcs-932l  firmware  2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "cve": "CVE-2025-4841",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4841",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006205",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-10947",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4841",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-4841",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006205",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4841",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-4841",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006205",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-10947",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter CameraName in the file /bin/gpio failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4841",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "309308",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "id": "VAR-202505-1807",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          }
        ],
        "trust": 1.21538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          }
        ]
      },
      "last_update_date": "2025-06-06T23:24:43.783000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/beacox/iot_vuln/tree/main/d-link/dcs-932l/gpio_bof"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.309308"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.574924"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.309308"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4841"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          },
          {
            "date": "2025-06-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "date": "2025-05-17T23:15:36.407000",
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10947"
          },
          {
            "date": "2025-06-04T05:45:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          },
          {
            "date": "2025-06-03T15:57:42.837000",
            "db": "NVD",
            "id": "CVE-2025-4841"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DCS-932L\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006205"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-1740

    Vulnerability from variot - Updated: 2025-06-06 23:10

    A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter CameraName in the file /sbin/udev failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1740",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dcs-932l  firmware  2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18.01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "cve": "CVE-2025-4843",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4843",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006246",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-10949",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4843",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-4843",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006246",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4843",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-4843",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006246",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-10949",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DCS-932L The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. The vulnerability is caused by the parameter CameraName in the file /sbin/udev failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4843",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "309309",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "id": "VAR-202505-1740",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          }
        ],
        "trust": 1.21538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          }
        ]
      },
      "last_update_date": "2025-06-06T23:10:40.113000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/beacox/iot_vuln/tree/main/d-link/dcs-932l/udev_bof"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.309309"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.574926"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.309309"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4843"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          },
          {
            "date": "2025-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "date": "2025-05-18T00:15:18.233000",
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10949"
          },
          {
            "date": "2025-06-05T01:34:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          },
          {
            "date": "2025-06-04T20:11:36.947000",
            "db": "NVD",
            "id": "CVE-2025-4843"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DCS-932L\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006246"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202412-0587

    Vulnerability from variot - Updated: 2025-05-23 23:07

    A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. D-Link Systems, Inc. of DCS-932L Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring.

    D-Link DCS-932L REVB_FIRMWARE_2.18.01 version has a denial of service vulnerability, which is caused by null pointer dereference

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202412-0587",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dcs-932l  firmware  2.18.01"
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l revb 2.18.01",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "cve": "CVE-2024-37606",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-49511",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-37606",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-024089",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-37606",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-024089",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-49511",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. D-Link Systems, Inc. of DCS-932L Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. D-Link DCS-932L is a network surveillance camera from D-Link, a Chinese company. It is used for security and monitoring. \n\nD-Link DCS-932L REVB_FIRMWARE_2.18.01 version has a denial of service vulnerability, which is caused by null pointer dereference",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-37606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-37606",
            "trust": 3.2
          },
          {
            "db": "DLINK",
            "id": "SAP10247",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "id": "VAR-202412-0587",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          }
        ],
        "trust": 1.21538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          }
        ]
      },
      "last_update_date": "2025-05-23T23:07:10.274000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10247"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/en"
          },
          {
            "trust": 1.8,
            "url": "https://www.dlink.com/en/security-bulletin/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-37606"
          },
          {
            "trust": 1.0,
            "url": "https://docs.google.com/document/d/1qwjh2jgehmyew3oefmqnsrlkdatmsu6twjkk1p3qfas/edit?usp=sharing"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          },
          {
            "date": "2025-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "date": "2024-12-17T15:15:13.643000",
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-49511"
          },
          {
            "date": "2025-05-22T02:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          },
          {
            "date": "2025-05-21T16:01:39.770000",
            "db": "NVD",
            "id": "CVE-2024-37606"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DCS-932L\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-024089"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201704-1588

    Vulnerability from variot - Updated: 2025-04-20 22:12

    D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. plural D-Link DCS The camera contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDCS-933L is a wireless surveillance camera device from D-Link. There are security holes in several D-LinkDCS cameras. D-Link DCS-933L, etc. The following products are affected: D-Link DCS-5030L; DCS-5020L; DCS-2530L; DCS-2630L;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1588",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-5009l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.07.05"
          },
          {
            "model": "dcs-7010l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.08.01"
          },
          {
            "model": "dcs-2136l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.04.01"
          },
          {
            "model": "dcs-930l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.13.15"
          },
          {
            "model": "dcs-2330l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13.00"
          },
          {
            "model": "dcs-931l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13.05"
          },
          {
            "model": "dcs-2310l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.08.01"
          },
          {
            "model": "dcs-5000l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02.02"
          },
          {
            "model": "dcs-5222l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.12.00"
          },
          {
            "model": "dcs-942l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.11.03"
          },
          {
            "model": "dcs-2132l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.08.01"
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.13.15"
          },
          {
            "model": "dcs-2310l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.03.00"
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13.04"
          },
          {
            "model": "dcs-6212l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00.12"
          },
          {
            "model": "dcs-2132l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.12.00"
          },
          {
            "model": "dcs-7000l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.04.00"
          },
          {
            "model": "dcs-5025l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02.10"
          },
          {
            "model": "dcs-5029l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.12.00"
          },
          {
            "model": "dcs-942l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.27"
          },
          {
            "model": "dcs-5010l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13.05"
          },
          {
            "model": "dcs-5020l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13.05"
          },
          {
            "model": "dcs-930l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.15.04"
          },
          {
            "model": "dcs-934l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.04.15"
          },
          {
            "model": "dcs-2210l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03.01"
          },
          {
            "model": "dcs-6010l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.15.01"
          },
          {
            "model": "dcs-2530l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00.21"
          },
          {
            "model": "dcs-2332l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.08.01"
          },
          {
            "model": "dcs-5030l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01.06"
          },
          {
            "model": "dcs-2230l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03.01"
          },
          {
            "model": "dcs-933l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13.05"
          },
          {
            "model": "dcs-2132l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2136l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2210l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2230l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2310l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2330l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2332l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2530l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5000l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5009l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5010l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5020l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5025l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5029l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5030l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5222l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-6010l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-6212l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-7000l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-7010l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-930l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-931l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-933l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-934l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-942l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13.05"
          },
          {
            "model": "dcs-933l",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13.05"
          },
          {
            "model": "dcs-5030l",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13.05"
          },
          {
            "model": "dcs-5020l",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13.05"
          },
          {
            "model": "dcs-2530l",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13.05"
          },
          {
            "model": "dcs-2630l",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13.05"
          },
          {
            "model": "dcs-7000l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.04.00"
          },
          {
            "model": "dcs-2136l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.04.01"
          },
          {
            "model": "dcs-5000l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.02.02"
          },
          {
            "model": "dcs-5029l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.12.00"
          },
          {
            "model": "dcs-2310l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.03.00"
          },
          {
            "model": "dcs-2330l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13.00"
          },
          {
            "model": "dcs-2132l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.12.00"
          },
          {
            "model": "dcs-2132l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.08.01"
          },
          {
            "model": "dcs-2210l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.03.01"
          },
          {
            "model": "dcs-5025l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.02.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "dcs 932l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "dcs 942l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "dcs 2310l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "dcs 2132l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "dcs 930l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2230l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 934l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 931l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 933l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5009l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5010l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5020l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5000l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5025l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5030l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2210l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2136l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 7000l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 6212l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5222l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5029l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2332l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2330l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 6010l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 7010l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2530l",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2132l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2136l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2210l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2230l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2310l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2330l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2332l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2530l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5000l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5009l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5010l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5020l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5025l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5029l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5030l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5222l__firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-6010l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-6212l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-7000l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-7010l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-930l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-931l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-933l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-934l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-942l_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          }
        ]
      },
      "cve": "CVE-2017-7852",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-7852",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-06729",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-116055",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-7852",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-7852",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-7852",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-7852",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-06729",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-783",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116055",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device\u0027s settings via a CSRF attack. This is because of the \u0027allow-access-from domain\u0027 child element set to *, thus accepting requests from any domain. If a victim logged into the camera\u0027s web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim\u0027s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim\u0027s DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. plural D-Link DCS The camera contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. D-LinkDCS-933L is a wireless surveillance camera device from D-Link. There are security holes in several D-LinkDCS cameras. D-Link DCS-933L, etc. The following products are affected: D-Link DCS-5030L; DCS-5020L; DCS-2530L; DCS-2630L;",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7852"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          }
        ],
        "trust": 2.43
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-116055",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7852",
            "trust": 3.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "76B829DA-D734-4842-BAE5-3DD9FF5F23DC",
            "trust": 0.2
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "42074",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "142702",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-116055",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "id": "VAR-201704-1588",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          }
        ],
        "trust": 1.675429490909091
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          },
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          }
        ]
      },
      "last_update_date": "2025-04-20T22:12:28.666000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://us.dlink.com/"
          },
          {
            "title": "Patch for D-LinkDCS Cross-site Forgery Request Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/93817"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7852"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7852"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116055"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-16T00:00:00",
            "db": "IVD",
            "id": "76b829da-d734-4842-bae5-3dd9ff5f23dc"
          },
          {
            "date": "2017-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "date": "2017-04-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116055"
          },
          {
            "date": "2017-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "date": "2017-04-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          },
          {
            "date": "2017-04-24T10:59:00.160000",
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-06729"
          },
          {
            "date": "2017-05-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116055"
          },
          {
            "date": "2017-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-7852"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  D-Link DCS Cross-site request forgery vulnerability in camera",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003648"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-783"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201212-0024

    Vulnerability from variot - Updated: 2025-04-11 21:21

    The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. D-Link DCS-932L Cloud Camera is a home infrared wireless network camera cloud camera. D-Link DCS-932L Cloud Camera has an error when processing UDP requests for device passwords. D-Link DCS-932L is prone to an information-disclosure vulnerability. D-Link DCS-932L 1.02 is vulnerable; other versions may also be affected.

    CVE-2012-4046

    Details: http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046 . ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: D-Link DCS-932L Password Request Handling Security Issue

    SECUNIA ADVISORY ID: SA51610

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51610/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51610

    RELEASE DATE: 2012-12-20

    DISCUSS ADVISORY: http://secunia.com/advisories/51610/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/51610/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=51610

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Jason Doyle has reported a security issue in D-Link DCS-932L, which can be exploited by malicious people to gain knowledge of sensitive information.

    The vulnerability is reported in firmware version 1.02.

    SOLUTION: No official solution is currently available.

    PROVIDED AND/OR DISCOVERED BY: Jason Doyle

    ORIGINAL ADVISORY: http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201212-0024",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "d link",
            "version": "1.02"
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02"
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l cloud camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1100"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:d-link:dcs-932l_camera",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jason Doyle",
        "sources": [
          {
            "db": "BID",
            "id": "57011"
          },
          {
            "db": "PACKETSTORM",
            "id": "118850"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2012-4046",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2012-4046",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-57327",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-4046",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-4046",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201212-301",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-57327",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value. D-Link DCS-932L Cloud Camera is a home infrared wireless network camera cloud camera. D-Link DCS-932L Cloud Camera has an error when processing UDP requests for device passwords. D-Link DCS-932L is prone to an information-disclosure vulnerability. \nD-Link DCS-932L 1.02 is vulnerable; other versions may also be affected. \n\nCVE-2012-4046\n\nDetails:\nhttp://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046\n. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DCS-932L Password Request Handling Security Issue\n\nSECUNIA ADVISORY ID:\nSA51610\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51610/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51610\n\nRELEASE DATE:\n2012-12-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51610/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51610/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51610\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nJason Doyle has reported a security issue in D-Link DCS-932L, which\ncan be exploited by malicious people to gain knowledge of sensitive\ninformation. \n\nThe vulnerability is reported in firmware version 1.02. \n\nSOLUTION:\nNo official solution is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nJason Doyle\n\nORIGINAL ADVISORY:\nhttp://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-4046"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "db": "BID",
            "id": "57011"
          },
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "db": "PACKETSTORM",
            "id": "118850"
          },
          {
            "db": "PACKETSTORM",
            "id": "118979"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-57327",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-4046",
            "trust": 3.7
          },
          {
            "db": "SECUNIA",
            "id": "51610",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "57011",
            "trust": 0.4
          },
          {
            "db": "PACKETSTORM",
            "id": "118850",
            "trust": 0.2
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-60527",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-57327",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "118979",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "db": "BID",
            "id": "57011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "db": "PACKETSTORM",
            "id": "118850"
          },
          {
            "db": "PACKETSTORM",
            "id": "118979"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "id": "VAR-201212-0024",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          }
        ],
        "trust": 1.60769232
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "camera device"
            ],
            "sub_category": "IP camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          }
        ]
      },
      "last_update_date": "2025-04-11T21:21:43.729000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DCS-932L",
            "trust": 0.8,
            "url": "http://mydlink.dlink.com/products/DCS-932L"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/bugtraq/2012/dec/98"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4046"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4046"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/51610/http"
          },
          {
            "trust": 0.3,
            "url": "http://www.dlink.com/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4046"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51610/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51610"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51610/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "db": "BID",
            "id": "57011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "db": "PACKETSTORM",
            "id": "118850"
          },
          {
            "db": "PACKETSTORM",
            "id": "118979"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "db": "BID",
            "id": "57011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "db": "PACKETSTORM",
            "id": "118850"
          },
          {
            "db": "PACKETSTORM",
            "id": "118979"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "date": "2012-12-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "BID",
            "id": "57011"
          },
          {
            "date": "2012-12-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "date": "2012-12-14T17:22:22",
            "db": "PACKETSTORM",
            "id": "118850"
          },
          {
            "date": "2012-12-21T08:02:15",
            "db": "PACKETSTORM",
            "id": "118979"
          },
          {
            "date": "2012-12-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          },
          {
            "date": "2012-12-24T18:55:02.040000",
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "date": "2015-03-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-57327"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "BID",
            "id": "57011"
          },
          {
            "date": "2012-12-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005793"
          },
          {
            "date": "2023-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-4046"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DCS-932L Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201212-301"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201905-1066

    Vulnerability from variot - Updated: 2025-01-30 20:44

    The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). plural D-Link DCS series Product Wi-Fi camera Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DCS-5009L and so on are all DCS series IP cameras produced by Taiwan D-Link Company. Alphapd in several D-Link products has a stack-based buffer overflow vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: D-Link DCS-5009L 1.08.11 and earlier; DCS-5010L 1.14.09 and earlier; DCS-5020L 1.15.12 and earlier; DCS-5025L 1.03.07 and earlier; DCS-5030L 1.04.10 and earlier; DCS-930L 2.16.01 and earlier; DCS-931L 1.14.11 and earlier; DCS-932L 2.17.01 and earlier; DCS-933L 1.14.11 and earlier; DCS-934L 1.05.04 and earlier versions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1066",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-934l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.05.04"
          },
          {
            "model": "dcs-5030l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.04.10"
          },
          {
            "model": "dcs-5009l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.08.11"
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.17.01"
          },
          {
            "model": "dcs-931l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.14.11"
          },
          {
            "model": "dcs-933l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.14.11"
          },
          {
            "model": "dcs-5025l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03.07"
          },
          {
            "model": "dcs-930l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.16.01"
          },
          {
            "model": "dcs-5010l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.14.09"
          },
          {
            "model": "dcs-5020l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.15.12"
          },
          {
            "model": "dcs-5009l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.08.11"
          },
          {
            "model": "dcs-5010l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.14.09"
          },
          {
            "model": "dcs-5020l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.15.12"
          },
          {
            "model": "dcs-5025l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.03.07"
          },
          {
            "model": "dcs-5030l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.04.10"
          },
          {
            "model": "dcs-930l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.16.01"
          },
          {
            "model": "dcs-931l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.14.11"
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.17.01"
          },
          {
            "model": "dcs-933l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.14.11"
          },
          {
            "model": "dcs-934l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.05.04"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5009l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5010l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5020l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5025l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5030l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-930l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-931l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-932l_camera_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-933l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-934l_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          }
        ]
      },
      "cve": "CVE-2019-10999",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-10999",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-142601",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-10999",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10999",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10999",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-138",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-142601",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-10999",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera\u0027s web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below). plural D-Link DCS series Product Wi-Fi camera Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DCS-5009L and so on are all DCS series IP cameras produced by Taiwan D-Link Company. Alphapd in several D-Link products has a stack-based buffer overflow vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: D-Link DCS-5009L 1.08.11 and earlier; DCS-5010L 1.14.09 and earlier; DCS-5020L 1.15.12 and earlier; DCS-5025L 1.03.07 and earlier; DCS-5030L 1.04.10 and earlier; DCS-930L 2.16.01 and earlier; DCS-931L 1.14.11 and earlier; DCS-932L 2.17.01 and earlier; DCS-933L 1.14.11 and earlier; DCS-934L 1.05.04 and earlier versions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10999"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10999",
            "trust": 2.7
          },
          {
            "db": "DLINK",
            "id": "SAP10131",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-138",
            "trust": 0.7
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-142601",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10999",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "id": "VAR-201905-1066",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-142601"
          }
        ],
        "trust": 0.824516308
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:44:51.193000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.dlink.com/en/consumer"
          },
          {
            "title": "CVE-2019-10999",
            "trust": 0.1,
            "url": "https://github.com/qjh2333/CVE-2019-10999 "
          },
          {
            "title": "PoC-in-GitHub",
            "trust": 0.1,
            "url": "https://github.com/developer3000S/PoC-in-GitHub "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/khulnasoft-lab/awesome-security "
          },
          {
            "title": "PoC-in-GitHub",
            "trust": 0.1,
            "url": "https://github.com/hectorgie/PoC-in-GitHub "
          },
          {
            "title": "CVE-POC",
            "trust": 0.1,
            "url": "https://github.com/0xT11/CVE-POC "
          },
          {
            "title": "PoC-in-GitHub",
            "trust": 0.1,
            "url": "https://github.com/nomi-sec/PoC-in-GitHub "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-10999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://github.com/fuzzywalls/cve-2019-10999"
          },
          {
            "trust": 1.8,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10131"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10999"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10999"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/qjh2333/cve-2019-10999"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/nomi-sec/poc-in-github"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10999"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "date": "2019-05-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10999"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "date": "2019-05-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          },
          {
            "date": "2019-05-06T20:29:01.210000",
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-142601"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10999"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          },
          {
            "date": "2024-11-21T04:20:19.520000",
            "db": "NVD",
            "id": "CVE-2019-10999"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  D-Link DCS series Product  Wi-Fi camera Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004361"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-138"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0065

    Vulnerability from variot - Updated: 2025-01-30 19:33

    D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: /common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. / Output settings, speaker and sensor settings information, etc. D-Link DCS-936L, etc. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1; 5222LB1; DCS-5020L, etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0065",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-936l",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-942l",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-8000lh",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-942lb1",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5222l",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-825l",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2630l",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-820l",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-855l",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-2121",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-930l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dcs-5030l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dcs-933l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dcs-5222l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-936l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-825l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-2630l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-942lb1",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-5222lb1",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-8100lh",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-932l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dcs-2102",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-942l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dcs-5020l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dcs-820l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-2121",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-8000lh",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-855l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "d link",
            "version": "1.00"
          },
          {
            "model": "dcs-5222lb1",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5020l",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "dcs 942lb1",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 936l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2121",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5222lb1",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5020l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 930l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 8100lh",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 932l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2102",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 933l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5030l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 942l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 8000lh",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 5222l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 825l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 2630l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 820l",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dcs 855l",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2121_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-2630l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-5222l__firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-8000lh_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-820l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-825l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-855l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-936l",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-942l_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dcs-942lb1_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          }
        ]
      },
      "cve": "CVE-2018-18441",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-18441",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-26797",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d831f62-463f-11e9-8196-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-129001",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-18441",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-18441",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18441",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-26797",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-968",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d831f62-463f-11e9-8196-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-129001",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: \u003cCamera-IP\u003e/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. / Output settings, speaker and sensor settings information, etc. D-Link DCS-936L, etc. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1; 5222LB1; DCS-5020L, etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18441"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129001"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18441",
            "trust": 3.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-968",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "7D831F62-463F-11E9-8196-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-129001",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "id": "VAR-201812-0065",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129001"
          }
        ],
        "trust": 1.6519531171428572
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          },
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          }
        ]
      },
      "last_update_date": "2025-01-30T19:33:35.858000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.dlink.com/en/consumer"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-129001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18441"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18441"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "db": "VULHUB",
            "id": "VHN-129001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-28T00:00:00",
            "db": "IVD",
            "id": "7d831f62-463f-11e9-8196-000c29342cb1"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129001"
          },
          {
            "date": "2019-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "date": "2018-12-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          },
          {
            "date": "2018-12-20T23:29:00.707000",
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-26797"
          },
          {
            "date": "2019-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-129001"
          },
          {
            "date": "2019-03-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          },
          {
            "date": "2023-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          },
          {
            "date": "2024-11-21T03:55:56.640000",
            "db": "NVD",
            "id": "CVE-2018-18441"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  D-Link DCS series Product  Wi-Fi Information disclosure vulnerability in cameras",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014473"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-968"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1107

    Vulnerability from variot - Updated: 2024-11-23 22:37

    DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DCS-5000L and DCS-932L There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera.

    D-Link DCS-5000L and DCS-932L have security vulnerabilities, which stem from the lack of effective trust management mechanisms in network systems or products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1107",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-5000l",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "d link",
            "version": "1.05"
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.17"
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5000l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "d link",
            "version": "\u003c=2.17"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "cve": "CVE-2021-41503",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CVE-2021-41503",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-94831",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2021-41503",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-41503",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-41503",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-41503",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-41503",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-94831",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1686",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-41503",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DCS-5000L and DCS-932L There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera. \n\r\n\r\nD-Link DCS-5000L and DCS-932L have security vulnerabilities, which stem from the lack of effective trust management mechanisms in network systems or products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41503"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-41503",
            "trust": 3.9
          },
          {
            "db": "DLINK",
            "id": "SAP10247",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41503",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "id": "VAR-202109-1107",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          }
        ],
        "trust": 1.229120885
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:01.457000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "",
            "trust": 0.8,
            "url": "https://www.dlink.com/en/security-bulletin"
          },
          {
            "title": "Patch for D-Link DCS-5000L and DCS-932L authorization issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/302891"
          },
          {
            "title": "D-link Dcs-932L  and D-link Dcs-5000L Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164768"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41503"
          },
          {
            "trust": 1.7,
            "url": "https://www.dlink.com/en/security-bulletin/"
          },
          {
            "trust": 1.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10247"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "date": "2021-09-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-41503"
          },
          {
            "date": "2022-08-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "date": "2021-09-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          },
          {
            "date": "2021-09-24T20:15:07.373000",
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-94831"
          },
          {
            "date": "2021-09-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-41503"
          },
          {
            "date": "2022-08-31T07:43:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          },
          {
            "date": "2021-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          },
          {
            "date": "2024-11-21T06:26:20.110000",
            "db": "NVD",
            "id": "CVE-2021-41503"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "DCS-5000L\u00a0 and \u00a0DCS-932L\u00a0 Authentication vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012454"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1686"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1847

    Vulnerability from variot - Updated: 2024-11-23 22:37

    An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DCS-5000L and DCS-932L Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1847",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dcs-5000l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.05"
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.17"
          },
          {
            "model": "dcs-932l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5000l",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dcs-5000l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.05"
          },
          {
            "model": "dcs-932l",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "d link",
            "version": "\u003c=2.17"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "cve": "CVE-2021-41504",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CVE-2021-41504",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-94833",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2021-41504",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-41504",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-41504",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-41504",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-94833",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1690",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-41504",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DCS-5000L and DCS-932L Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-41504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41504"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-41504",
            "trust": 3.9
          },
          {
            "db": "DLINK",
            "id": "SAP10247",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41504",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "id": "VAR-202109-1847",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          }
        ],
        "trust": 1.229120885
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:01.428000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "",
            "trust": 0.8,
            "url": "https://www.dlink.com/en/security-bulletin"
          },
          {
            "title": "Patch for D-Link DCS-5000L and DCS-932L privilege escalation vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/302896"
          },
          {
            "title": "D-link Dcs-932L  and D-link Dcs-5000L Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164770"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41504"
          },
          {
            "trust": 1.7,
            "url": "https://www.dlink.com/en/security-bulletin/"
          },
          {
            "trust": 1.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10247"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/269.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-41504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "date": "2021-09-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-41504"
          },
          {
            "date": "2022-08-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "date": "2021-09-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          },
          {
            "date": "2021-09-24T20:15:07.437000",
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-94833"
          },
          {
            "date": "2021-09-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-41504"
          },
          {
            "date": "2022-08-31T07:40:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          },
          {
            "date": "2022-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          },
          {
            "date": "2024-11-21T06:26:20.360000",
            "db": "NVD",
            "id": "CVE-2021-41504"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0DCS-5000L\u00a0 and \u00a0DCS-932L\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012453"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1690"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2012-4046 (GCVE-0-2012-4046)

    Vulnerability from nvd – Published: 2012-12-24 18:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.fishnetsecurity.com/6labs/blog/passwor… x_refsource_MISC
    http://seclists.org/bugtraq/2012/Dec/98 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:04.114Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
              },
              {
                "name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2012/Dec/98"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-12-24T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
            },
            {
              "name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2012/Dec/98"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-4046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046",
                  "refsource": "MISC",
                  "url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
                },
                {
                  "name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
                  "refsource": "BUGTRAQ",
                  "url": "http://seclists.org/bugtraq/2012/Dec/98"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-4046",
        "datePublished": "2012-12-24T18:00:00.000Z",
        "dateReserved": "2012-07-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:29.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-4046 (GCVE-0-2012-4046)

    Vulnerability from cvelistv5 – Published: 2012-12-24 18:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.fishnetsecurity.com/6labs/blog/passwor… x_refsource_MISC
    http://seclists.org/bugtraq/2012/Dec/98 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:04.114Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
              },
              {
                "name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2012/Dec/98"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-12-24T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
            },
            {
              "name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2012/Dec/98"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-4046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046",
                  "refsource": "MISC",
                  "url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
                },
                {
                  "name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
                  "refsource": "BUGTRAQ",
                  "url": "http://seclists.org/bugtraq/2012/Dec/98"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-4046",
        "datePublished": "2012-12-24T18:00:00.000Z",
        "dateReserved": "2012-07-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:29.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }