Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dcs\-2530l_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-02 | CVE-2020-25078 | An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. | Dcs\-2530l_firmware, Dcs\-2670l_firmware | 7.5 | ||
| 2020-09-02 | CVE-2020-25079 | An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | Dcs\-2530l_firmware, Dcs\-2670l_firmware | 8.8 | ||
| 2017-04-24 | CVE-2017-7852 | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series... | Dcs\-2132l_firmware, Dcs\-2136l_firmware, Dcs\-2210l_firmware, Dcs\-2230l_firmware, Dcs\-2310l_firmware, Dcs\-2330l_firmware, Dcs\-2332l_firmware, Dcs\-2530l_firmware, Dcs\-5000l_firmware, Dcs\-5009l_firmware, Dcs\-5010l_firmware, Dcs\-5020l_firmware, Dcs\-5025l_firmware, Dcs\-5029l_firmware, Dcs\-5030l_firmware, Dcs\-5222l_firmware, Dcs\-6010l_firmware, Dcs\-6212l_firmware, Dcs\-7000l_firmware, Dcs\-7010l_firmware, Dcs\-930l_firmware, Dcs\-931l_firmware, Dcs\-932l_firmware, Dcs\-933l_firmware, Dcs\-934l_firmware, Dcs\-942l_firmware | 8.8 |