Lucene search

K
nvd[email protected]NVD:CVE-2017-8417
HistoryJul 02, 2019 - 9:15 p.m.

CVE-2017-8417

2019-07-0221:15:10
CWE-255
web.nvd.nist.gov

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.6%

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third party to retrieve the device’s password without any authentication by sending just 1 UDP packet with custom base64 encoding. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.

Affected configurations

NVD
Node
dlinkdcs-1100_firmwareMatch-
AND
dlinkdcs-1100Match-
Node
dlinkdcs-1130_firmwareMatch-
AND
dlinkdcs-1130Match-

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.6%

Related for NVD:CVE-2017-8417