Command Injection Vulnerabilities in D-Link EyeOn Baby Monitor by D-Link
CVE-2017-11564

8.8 HIGH

Key Information:

Vendor: D-Link
CVE Published: 24 August 2018

Summary

The D-Link EyeOn Baby Monitor (DCS-825L), version 1.08.1, contains several command injection vulnerabilities in its web service framework. An attacker can send crafted HTTP requests that execute arbitrary commands on the device. Exploitation requires prior authentication, so strong credential management on the device limits exposure to this attack.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
