Elevated Privileges Issue in D-Link IP Cameras
CVE-2021-41504

8HIGH

Key Information:

Vendor: D-Link
Status: Dcs-932l Firmware
Vendor: CVE Published:; 24 September 2021

What is CVE-2021-41504?

An elevated privileges vulnerability exists in various D-Link IP cameras that utilize outdated versions of firmware. This issue arises from the implementation of digest-authentication in the cameras' command interface, which may open additional attack vectors. Malicious users within the local area network (LAN) can exploit this vulnerability to gain unauthorized access to the camera's configuration settings. It is crucial for users of affected models to be aware that this issue pertains exclusively to devices that are no longer receiving support from the vendor.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2021
Vulnerability Reserved
Sep 20, 2021