Skip to main content

Dcs 932l Firmware CVE-2021-41503

HIGH
Improper Authentication (CWE-287)
2021-09-24 cve@mitre.org
8.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 24, 2021 - 20:15 nvd
HIGH 8.0

DescriptionNVD

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

AnalysisAI

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Affected products include: Dlink Dcs-932L Firmware, D-Link Dcs-5000L Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2017-7852 HIGH POC
8.8 Apr 24

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access

CVE-2025-5572 HIGH POC
8.8 Jun 04

A critical stack-based buffer overflow vulnerability exists in D-Link DCS-932L camera firmware version 2.18.01 in the se

CVE-2019-10999 HIGH POC
8.8 May 06

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. Rated

CVE-2018-18441 HIGH POC
7.5 Dec 20

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. Rated high severity (CV

CVE-2025-5573 MEDIUM POC
6.3 Jun 04

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the funct

CVE-2025-5571 MEDIUM POC
6.3 Jun 04

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSy

CVE-2021-41504 HIGH
8.0 Sep 24

An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. Rated high severity (CVSS 8.

CVE-2024-37606 MEDIUM
6.5 Dec 17

A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (D

CVE-2012-4046 LOW
3.3 Dec 24

The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packe

CVE-2025-4843 HIGH POC
8.7 May 18

A vulnerability was found in D-Link DCS-932L 2.18.01. Rated high severity (CVSS 8.7), this vulnerability is remotely exp

CVE-2025-4842 HIGH POC
8.7 May 17

A vulnerability was found in D-Link DCS-932L 2.18.01. Rated high severity (CVSS 8.7), this vulnerability is remotely exp

CVE-2025-4841 HIGH POC
8.7 May 17

A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Rated high severity (CVSS 8.7), this vu

Share

CVE-2021-41503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy