Incorrect Access Control in D-Link IP Cameras Exposes Configuration to Malicious Users
CVE-2021-41503
8HIGH
What is CVE-2021-41503?
Certain D-Link IP cameras, specifically the DCS-5000L v1.05 and DCS-932L v2.17 and earlier versions, are vulnerable to incorrect access control. This vulnerability stems from the use of basic authentication in the command interface of the devices, which may enable unauthorized access to device configurations. Malicious users within the local area network (LAN) could exploit this security gap to manipulate camera settings or gain sensitive information. Notably, this issue affects products that are no longer supported by D-Link, making it crucial for users to take proactive measures to secure their devices.