Dcs 932l Firmware
CVE-2021-41504
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
AnalysisAI
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Affected products include: Dlink Dcs-932L Firmware, Dlink Dcs-5000L Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Dcs 932l Firmware
View allD-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access
A critical stack-based buffer overflow vulnerability exists in D-Link DCS-932L camera firmware version 2.18.01 in the se
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. Rated
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. Rated high severity (CV
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the funct
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSy
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. Rated high severity (CVSS 8.0), th
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (D
The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packe
A vulnerability was found in D-Link DCS-932L 2.18.01. Rated high severity (CVSS 8.7), this vulnerability is remotely exp
A vulnerability was found in D-Link DCS-932L 2.18.01. Rated high severity (CVSS 8.7), this vulnerability is remotely exp
A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Rated high severity (CVSS 8.7), this vu
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today