Incorrect Access Control in D-Link IP Cameras Exposes Configuration to Malicious Users
CVE-2021-41503

8HIGH

Key Information:

Vendor: D-Link
Status: Dcs-932l Firmware
Vendor: CVE Published:; 24 September 2021

What is CVE-2021-41503?

Certain D-Link IP cameras, specifically the DCS-5000L v1.05 and DCS-932L v2.17 and earlier versions, are vulnerable to incorrect access control. This vulnerability stems from the use of basic authentication in the command interface of the devices, which may enable unauthorized access to device configurations. Malicious users within the local area network (LAN) could exploit this security gap to manipulate camera settings or gain sensitive information. Notably, this issue affects products that are no longer supported by D-Link, making it crucial for users to take proactive measures to secure their devices.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2021
Vulnerability Reserved
Sep 20, 2021