7.5

CVE-2018-18441

Exploit

EPSS 1.52%
Veröffentlicht 20.12.2018 23:29:00
Zuletzt bearbeitet 21.11.2024 03:55:56
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

D-link ≫ Dcs-936l Firmware Version >= 1.00

Dlink ≫ Dcs-936l Version-

Dlink ≫ Dcs-942l Firmware Version >= 1.00

Dlink ≫ Dcs-942l Version-

D-link ≫ Dcs-8000lh Firmware Version >= 1.00

Dlink ≫ Dcs-8000lh Version-

D-link ≫ Dcs-942lb1 Firmware Version >= 1.00

Dlink ≫ Dcs-942lb1 Version-

D-link ≫ Dcs-5222l Firmware Version >= 1.00

Dlink ≫ Dcs-5222l Version-

D-link ≫ Dcs-825l Firmware Version >= 1.00

Dlink ≫ Dcs-825l Version-

D-link ≫ Dcs-2630l Firmware Version >= 1.00

Dlink ≫ Dcs-2630l Version-

D-link ≫ Dcs-820l Firmware Version >= 1.00

Dlink ≫ Dcs-820l Version-

D-link ≫ Dcs-855l Firmware Version >= 1.00

Dlink ≫ Dcs-855l Version-

D-link ≫ Dcs-2121 Firmware Version >= 1.00

Dlink ≫ Dcs-2121 Version-

D-link ≫ Dcs-5222lb1 Firmware Version >= 1.00

Dlink ≫ Dcs-5222lb1 Version-

Dlink ≫ Dcs-5020l Firmware Version >= 1.00

Dlink ≫ Dcs-5020l Version-

Dlink ≫ Dcs-930l Firmware Version >= 1.00

Dlink ≫ Dcs-930l Version-

D-link ≫ Dcs-8100lh Firmware Version >= 1.00

Dlink ≫ Dcs-8100lh Version-

Dlink ≫ Dcs-932l Firmware Version >= 1.00

Dlink ≫ Dcs-932l Version-

D-link ≫ Dcs-2102 Firmware Version >= 1.00

Dlink ≫ Dcs-2102 Version-

D-link ≫ Dcs-942lb1 Firmware Version >= 1.00

Dlink ≫ Dcs-942lb1 Version-

Dlink ≫ Dcs-933l Firmware Version >= 1.00

Dlink ≫ Dcs-933l Version-

Dlink ≫ Dcs-5030l Firmware Version >= 1.00

Dlink ≫ Dcs-5030l Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.52%	0.807

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-18441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18441

EUVD