Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dcs\-930l_firmware
(Dlink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-09 | CVE-2016-11021 | setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | Dcs\-930l_firmware | 7.2 | ||
| 2017-04-24 | CVE-2017-7852 | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series... | Dcs\-2132l_firmware, Dcs\-2136l_firmware, Dcs\-2210l_firmware, Dcs\-2230l_firmware, Dcs\-2310l_firmware, Dcs\-2330l_firmware, Dcs\-2332l_firmware, Dcs\-2530l_firmware, Dcs\-5000l_firmware, Dcs\-5009l_firmware, Dcs\-5010l_firmware, Dcs\-5020l_firmware, Dcs\-5025l_firmware, Dcs\-5029l_firmware, Dcs\-5030l_firmware, Dcs\-5222l_firmware, Dcs\-6010l_firmware, Dcs\-6212l_firmware, Dcs\-7000l_firmware, Dcs\-7010l_firmware, Dcs\-930l_firmware, Dcs\-931l_firmware, Dcs\-932l_firmware, Dcs\-933l_firmware, Dcs\-934l_firmware, Dcs\-942l_firmware | 8.8 | ||
| 2018-12-20 | CVE-2018-18441 | D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The... | Dcs\-2102_firmware, Dcs\-2121_firmware, Dcs\-2630l_firmware, Dcs\-5222l_firmware, Dcs\-5222lb1_firmware, Dcs\-8000lh_firmware, Dcs\-8100lh_firmware, Dcs\-820l_firmware, Dcs\-825l_firmware, Dcs\-855l_firmware, Dcs\-936l_firmware, Dcs\-942lb1_firmware, Dcs\-5020l_firmware, Dcs\-5030l_firmware, Dcs\-930l_firmware, Dcs\-932l_firmware, Dcs\-933l_firmware, Dcs\-942l_firmware | 7.5 | ||
| 2019-05-06 | CVE-2019-10999 | The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below),... | Dcs\-5009l_firmware, Dcs\-5010l_firmware, Dcs\-5020l_firmware, Dcs\-5025l_firmware, Dcs\-5030l_firmware, Dcs\-930l_firmware, Dcs\-931l_firmware, Dcs\-932l_firmware, Dcs\-933l_firmware, Dcs\-934l_firmware | 8.8 |