CVE-2018-18441 Information

Description

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series such as: DCS-936L DCS-942L DCS-8000LH DCS-942LB1 DCS-5222L DCS-825L DCS-2630L DCS-820L DCS-855L DCS-2121 DCS-5222LB1 DCS-5020L and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: Camera-IP/common/info.cgi with no authentication. The configuration file include the following fields: model product brand version build hw_version nipca version device name location MAC address IP address gateway IP address wireless status input/output settings speaker and sensor settings.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5