D-Link DCS-900 Camera Arbitrary Remote IP Address Modification

2004-08-31T00:00:00
ID OSVDB:9401
Type osvdb
Reporter Jerome Athias(jerome.athias@caramail.com)
Modified 2004-08-31T00:00:00

Description

Vulnerability Description

The D-Link DCS-900 internet camera contains a flaw that may allow a malicious user to remotely change the camera IP address. The issue is triggered when a malicious user sends specially crafted UDP packets to the camera bypassing authentication. It is possible that the flaw may allow the user to change configuration options such as the IP address of the camera resulting in a loss of confidentiality and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

The D-Link DCS-900 internet camera contains a flaw that may allow a malicious user to remotely change the camera IP address. The issue is triggered when a malicious user sends specially crafted UDP packets to the camera bypassing authentication. It is possible that the flaw may allow the user to change configuration options such as the IP address of the camera resulting in a loss of confidentiality and/or availability.

References:

Vendor URL: http://www.dlink.com.au/ Security Tracker: 1011100 Secunia Advisory ID:12425 Other Advisory URL: http://miscname.com/public/dcs-900/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0406.html CVE-2004-1650