Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dcs\-5000l_firmware
(Dlink)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-09-24 | CVE-2021-41504 | An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | Dcs\-5000l_firmware, Dcs\-932l_firmware | 8.0 | ||
2017-04-24 | CVE-2017-7852 | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series... | Dcs\-2132l_firmware, Dcs\-2136l_firmware, Dcs\-2210l_firmware, Dcs\-2230l_firmware, Dcs\-2310l_firmware, Dcs\-2330l_firmware, Dcs\-2332l_firmware, Dcs\-2530l_firmware, Dcs\-5000l_firmware, Dcs\-5009l_firmware, Dcs\-5010l_firmware, Dcs\-5020l_firmware, Dcs\-5025l_firmware, Dcs\-5029l_firmware, Dcs\-5030l_firmware, Dcs\-5222l_firmware, Dcs\-6010l_firmware, Dcs\-6212l_firmware, Dcs\-7000l_firmware, Dcs\-7010l_firmware, Dcs\-930l_firmware, Dcs\-931l_firmware, Dcs\-932l_firmware, Dcs\-933l_firmware, Dcs\-934l_firmware, Dcs\-942l_firmware | 8.8 |