5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.825 High
EPSS
Percentile
98.4%
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
Recent assessments:
kevthehermit at March 04, 2021 12:03am UTC reported:
The D-LInk DCS-2530L is an IP Camera. This means it is more likely to be a target for botnets / IoT auto exploitation rather than anything else.
Triggering the exploit is very simple its just a GET
request to the /config/getuser?index=0"
endpoint and it returns the user|password combinations in clear text.
This can be paired with a second vulnerability reported at the same time, an authenticated command injection vuln, to gain access. See the exploited section below for more details.
The original tweets have been deleted but archive.org has them
My honeypots picked up a couple of pings on this, I am assuming automated scanning by some botnets.
{
"http_headers": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "en-GB,en;q=0.5",
"Connection": "close",
"Host": "REDACTED:8080",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
},
"http_host": "REDACTED:8080",
"http_method": "GET",
"http_path": "/config/getuser",
"http_post": {},
"http_query": "/config/getuser?index=0",
"http_remote": "205.185.122.102",
"http_scheme": "http",
"http_version": "HTTP/1.1",
"src_ip": "205.185.122.102"
}
Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 5
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.825 High
EPSS
Percentile
98.4%