Command injection

2018-08-2419:29:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.

CPENameOperatorVersion
eyeon_baby_monitor_firmwareeq1.08.1

CPE	Name	Operator	Version
	eyeon_baby_monitor_firmware	eq	1.08.1

References

seclists.org/fulldisclosure/2018/Aug/19

documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf