Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dcs\-1130_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-02 | CVE-2017-8411 | An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a... | Dcs\-1130_firmware | 8.8 | ||
| 2020-01-28 | CVE-2013-1603 | An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded... | Dcs\-1100_firmware, Dcs\-1100l_firmware, Dcs\-1130_firmware, Dcs\-1130l_firmware, Dcs\-2102_firmware, Dcs\-2121_firmware, Dcs\-3410_firmware, Dcs\-3411_firmware, Dcs\-3430_firmware, Dcs\-5230_firmware, Dcs\-5230l_firmware, Dcs\-5605_firmware, Dcs\-5635_firmware, Dcs\-6410_firmware, Dcs\-7410_firmware, Dcs\-7510_firmware, Wcs\-1100_firmware | 5.3 | ||
| 2019-07-02 | CVE-2017-8407 | An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password. | Dcs\-1130_firmware | 8.8 | ||
| 2019-07-02 | CVE-2017-8405 | An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device... | Dcs\-1100_firmware, Dcs\-1130_firmware | 7.5 | ||
| 2019-07-02 | CVE-2017-8409 | An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. | Dcs\-1130_firmware | 7.5 | ||
| 2019-07-02 | CVE-2017-8414 | An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption. | Dcs\-1100_firmware, Dcs\-1130_firmware | 7.8 | ||
| 2019-07-02 | CVE-2017-8416 | An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards... | Dcs\-1100_firmware, Dcs\-1130_firmware | 8.8 | ||
| 2019-07-02 | CVE-2017-8413 | An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards... | Dcs\-1100_firmware, Dcs\-1130_firmware | 8.8 |