CVE-2018-18767
The CVE affects D-Link myDlink Baby App v2.04.06 and D-Link 825L firmware v1.08. The root cause is that the app communicates with the camera using base64-encoded credentials in cleartext over the local network, enabling a local attacker to perform a MitM attack and easily obtain the username/pass...