11 matches found
(0Day) D-Link DCS-960L HTTP Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server, which listens on TCP port 80 by default. A...
(0Day) D-Link DCS-960L HNAP Login Cookie Format String Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of login action requests. The issue results from th...
(0Day) D-Link DCS-960L HNAP Cookie Format String Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie request header. The issue results fro...
CVE-2019-10999
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable...
Stack overflow
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable...
CVE-2019-10999
The CVE-2019-10999 issue affects D-Link DCS series cameras with the alphapd web server, via a stack-based buffer overflow triggered by a long WEPEncryption value in wireless.htm. Root cause: improper handling in alphapd leading to remote code execution. Affected devices include DCS-5009L, 5010L, ...
Authentication flaw
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many mor...
CVE-2018-18441
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many mor...
CVE-2018-18441
CVE-2018-18441 affects D-Link DCS series Wi‑Fi cameras (e.g., DCS-936L, DCS-942L, DCS-8000LH, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5020L, etc.). The vulnerability stems from the /common/info.cgi endpoint being accessible without authentication, allowing remote access ...
CVE-2017-14953
HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an...
D-Link Wi-Fi Camera Flaw Extends to 120 Products
Update A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company. Researchers at Senrio, who found the original vulnerability, disclosed today additional details of product vulnerabilities related to the component aft...