21 matches found

Prion
added 2020/01/28 10:15 p.m., 14 views

Information disclosure

An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04US, DCS-1130 1.03/1.04US, DCS-2102 1.05RU/1.06/1.06FR/1.05TESCO, DCS-2121...

CVSS 5, AI score 6.8, EPSS 0.59574
Exploits 6, References 4, Affected Software 17

Positive Technologies
added 2020/01/28 12:0 a.m., 3 views

PT-2020-7359

Name of the Vulnerable Software and Affected Versions: D-Link IP Cameras DCS-3411/3430 version 1.02; D-Link IP Cameras DCS-5605/5635 version 1.01; D-Link IP Cameras DCS-1100L/1130L version 1.04; D-Link IP Cameras DCS-1100/1130 version 1.03; D-Link IP Cameras DCS-1100/1130 version 1.04 US; D-Link IP...

CVSS 10, AI score 10, EPSS 0.91897
Exploits 6, References 11

CNVD
added 2019/07/09 12:0 a.m., 2 views

D-Link DCS-1100 and D-Link DCS-1130 Cross-Site Request Forgery Vulnerabilities (CNVD-2019-23334)

The D-Link DCS-1100 and the D-Link DCS-1130 are both network cameras from Taiwan, China-based AUO D-Link. A cross-site request forgery vulnerability exists in the D-Link DCS-1100 and DCS-1130. An attacker can exploit the vulnerability by sending simple UDP packets to access the management interfa...

CVSS 8.8, AI score 6.9, EPSS 0.06228
Exploits 1, References 1

CNVD
added 2019/07/05 12:0 a.m., 2 views

D-Link DCS-1100 and D-Link DCS-1130 Cross-Site Request Forgery Vulnerabilities (CNVD-2019-23340)

The D-Link DCS-1100 and the D-Link DCS-1130 are both network cameras from Taiwan, China-based AUO D-Link. A cross-site request forgery vulnerability exists in the D-Link DCS-1100 and DCS-1130 devices. A local attacker could exploit this vulnerability to execute commands without authentication...

CVSS 8.8, AI score 7.1, EPSS 0.01761
Exploits 0, References 1

CNVD
added 2019/07/04 12:0 a.m., 2 views

D-Link DCS-1100 and D-Link DCS-1130 Buffer Error Vulnerability

The D-Link DCS-1100 and the D-Link DCS-1130 are both network cameras from Taiwan, China-based AUO D-Link. A buffer error vulnerability exists in RTSPD in the D-Link DCS-1100 and DCS-1130. An attacker could use this vulnerability to take full control of the device and view images captured by the...

CVSS 10, AI score 7.1, EPSS 0.04737
Exploits 1, References 1

CNVD
added 2019/07/04 12:0 a.m., 1 view

D-Link DCS-1100 and D-Link DCS-1130 Buffer Error Vulnerability (CNVD-2019-21249)

The D-Link DCS-1100 and the D-Link DCS-1130 are both network cameras from Taiwan, China-based AUO D-Link. A buffer error vulnerability exists in the D-Link DCS-1100 and DCS-1130. A local attacker could exploit this vulnerability to execute arbitrary commands on the device without authentication...

CVSS 8.8, AI score 7.6, EPSS 0.00644
Exploits 0, References 1

NVD
added 2019/07/02 9:15 p.m., 11 views

CVE-2017-8412

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable...

CVSS 8.8, AI score 9.2, EPSS 0.02922
Exploits 0, References 3

Prion
added 2019/07/02 9:15 p.m., 19 views

Design/Logic Flaw

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and...

CVSS 8.3, AI score 8.9, EPSS 0.01761
Exploits 0, References 3

Prion
added 2019/07/02 9:15 p.m., 24 views

Hardcoded credentials

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the use...

CVSS 10, AI score 9.4, EPSS 0.03577
Exploits 0, References 3

CVE
added 2019/07/02 8:26 p.m., 157 views

CVE-2017-8416

The CVE-2017-8416 issue affects D-Link DCS-1100 and DCS-1130 devices. A daemon listening on UDP port 5978 processes a custom discovery protocol; an unbounded copy (strcpy) within packet handling can overflow the stack, enabling remote code execution. An attacker on the local network can trigger t...

CVSS 8.8, AI score 9.1, EPSS 0.00644
Exploits 0, References 3, Affected Software 1

Cvelist
added 2019/07/02 8:19 p.m., 12 views

CVE-2017-8413

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and...

AI score 9.1, EPSS 0.01761
Exploits 0, References 3

CVE
added 2019/07/02 8:19 p.m., 169 views

CVE-2017-8413

Summary: CVE-2017-8413 affects D-Link DCS-1100 and DCS-1130 network cameras. A custom UDP-based discovery daemon (port 5978, named dldps2121) processes broadcast packets. If a packet with type S (0x53) is received, the base64-encoded parameter C is decoded and passed to a system API, enabling com...

CVSS 8.8, AI score 8.9, EPSS 0.01761
Exploits 0, References 3, Affected Software 1

NVD
added 2019/07/02 8:15 p.m., 9 views

CVE-2017-8410

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the "Authorization: Basic" RTS...

CVSS 10, AI score 9.8, EPSS 0.04737
Exploits 1, References 3

NVD
added 2019/07/02 8:15 p.m., 8 views

CVE-2017-8405

An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be...

CVSS 7.5, AI score 7.4, EPSS 0.03503
Exploits 1, References 3

Prion
added 2019/07/02 8:15 p.m., 17 views

Design/Logic Flaw

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the "Authorization: Basic" RTS...

CVSS 10, AI score 9.7, EPSS 0.04737
Exploits 1, References 3

CVE
added 2019/07/02 8:13 p.m., 187 views

CVE-2017-8415

Affected devices: D-Link DCS-1100 and DCS-1130. The vulnerability stems from a hardcoded credential mechanism used by a custom telnet daemon (part of BusyBox) where the password check uses a salted hash of the string "admin" stored in /etc/shadow on a CRAM-FS filesystem. Because the filesystem is...

CVSS 10, AI score 9.3, EPSS 0.03577
Exploits 0, References 3, Affected Software 1

Cvelist
added 2019/07/02 8:13 p.m., 13 views

CVE-2017-8415

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the use...

AI score 9.5, EPSS 0.03577
Exploits 0, References 3

CVE
added 2019/07/02 8:8 p.m., 172 views

CVE-2017-8412

CVE-2017-8412 affects D-Link DCS-1100 and DCS-1130 devices. A custom mp4ts binary in /var/www/video dumps the HTTP VERB into logs and copies user input via a vulnerable sprintf into a string without bounds checking, leading to a stack overflow that can overwrite the PC and enable buffer overflow ...

CVSS 8.8, AI score 9.1, EPSS 0.02922
Exploits 0, References 3, Affected Software 1

CVE
added 2019/07/02 7:56 p.m., 165 views

CVE-2017-8414

CVE-2017-8414 affects D-Link DCS-1100 and DCS-1130 network cameras. The /sbin orthrus UPnP handler takes the command-line parameter -f and performs a sprintf to the stack without length checking, which corrupts registers in a function (sub_A098) and leads to memory corruption. Public advisories (...

CVSS 7.8, AI score 7.6, EPSS 0.00221
Exploits 1, References 3, Affected Software 1

CVE
added 2019/07/02 7:46 p.m., 205 views

CVE-2017-8410

The CVE-2017-8410 issue affects D-Link DCS-1100 and DCS-1130 cameras. The rtspd RTSP handler in /sbin performs a memcpy using the Authorization: Basic header data, with copy length derived from the header string length, causing a stack overwrite and memory corruption. This leads to potential arbi...

CVSS 10, AI score 9.7, EPSS 0.04737
Exploits 1, References 3, Affected Software 1