Directory Traversal Vulnerability in D-Link DCS-2103 IP Camera
CVE-2014-9234

Currently unrated

Key Information:

Vendor
D-link
Status
Dcs-2103 Hd Cube Network Camera Firmware
Vendor
CVE Published:
3 December 2014

Summary

A directory traversal vulnerability exists in the D-Link DCS-2103 IP camera's cgi-bin/sddownload.cgi component, which allows remote attackers to read arbitrary files from the device. By manipulating the file parameter to include a '..' (dot dot) sequence, unauthorized users can gain access to sensitive information on the system, potentially exposing critical data to exploitation.

References

http://seclists.org/fulldisclosure/2014/Nov/42
mailing-listx_refsource_FULLDISC
http://websecurity.com.ua/7250/
x_refsource_MISC
http://packetstormsecurity.com/files/129138/D-Link-DCS-21...
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.