CVE-2017-7852 Information

Description

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device’s settings via a CSRF attack. This is because of the ‘allow-access-from domain’ child element set to LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks thus accepting requests from any domain. If a victim logged into the camera’s web console visits a malicious site hosting a malicious Flash file from another Browser tab the malicious Flash file then can send requests to the victim’s DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim’s DCS series Camera add new admin users or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05 DCS-5030L DCS-5020L DCS-2530L DCS-2630L DCS-930L DCS-932L and DCS-932LB1.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8