Dcs 932l Firmware
CVE-2021-41503
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
AnalysisAI
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Affected products include: Dlink Dcs-932L Firmware, D-Link Dcs-5000L Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Dcs 932l Firmware
View allD-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access
A critical stack-based buffer overflow vulnerability exists in D-Link DCS-932L camera firmware version 2.18.01 in the se
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. Rated
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. Rated high severity (CV
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the funct
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSy
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. Rated high severity (CVSS 8.
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (D
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packe
A vulnerability was found in D-Link DCS-932L 2.18.01. Rated high severity (CVSS 8.7), this vulnerability is remotely exp
A vulnerability was found in D-Link DCS-932L 2.18.01. Rated high severity (CVSS 8.7), this vulnerability is remotely exp
A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Rated high severity (CVSS 8.7), this vu
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today