Command Injection Vulnerabilities in D-Link EyeOn Baby Monitor by D-Link
CVE-2017-11564

8.8HIGH

Key Information:

Vendor

D-Link
Status
Eyeon Baby Monitor Firmware
Vendor
CVE Published:
24 August 2018

What is CVE-2017-11564?

The D-Link EyeOn Baby Monitor (DCS-825L) version 1.08.1 contains several command injection vulnerabilities within its web service framework. These flaws enable an attacker to craft and send malicious HTTP requests capable of executing arbitrary commands. It is important to note that successful execution of this attack requires prior authentication, thus emphasizing the need for robust credential management to secure IoT devices from such exploitation.

References

https://documents.trendmicro.com/assets/tech_brief_Device...
x_refsource_MISC
http://seclists.org/fulldisclosure/2018/Aug/19
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-11564 : Command Injection Vulnerabilities in D-Link EyeOn Baby Monitor by D-Link