Password Disclosure Vulnerability in D-Link DCS-932L Camera
CVE-2012-4046

Currently unrated

Key Information:

Vendor: D-Link
Status: Dcs-932l Firmware; Dcs-932l
Vendor: CVE Published:; 24 December 2012

Summary

The D-Link DCS-932L camera with firmware version 1.02 is susceptible to a password disclosure vulnerability. This issue allows remote attackers to unveil the device's password by utilizing a User Datagram Protocol (UDP) broadcast packet. An attacker can exploit this flaw effectively by executing the D-Link Setup Wizard and extracting the password from the _paramR["P"] value. This presents significant security risks, as unauthorized access to the camera could lead to potential privacy violations and unauthorized surveillance.

References

http://www.fishnetsecurity.com/6labs/blog/password-disclo...

x_refsource_MISC

http://seclists.org/bugtraq/2012/Dec/98

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 24, 2012