Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7852 | 1 Dlink | 52 Dcs-2132l, Dcs-2132l Firmware, Dcs-2136l and 49 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Came ...
Show More |
|||||
| CVE-2021-41504 | 1 Dlink | 4 Dcs-5000l, Dcs-5000l Firmware, Dcs-932l and 1 more | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
|
An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2021-41503 | 2 D-link, Dlink | 4 Dcs-5000l Firmware, Dcs-5000l, Dcs-932l and 1 more | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
|
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||