Vulnerability Description
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. The device runs a UDP "Discover" service, which provides multiple functions such as changing passwords and getting basic information. A remote attacker can send a crafted UDP request to finderd to trigger a stack overflow and execute arbitrary code with root privileges on the device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Eyeon Baby Monitor Firmware | 1.08.1 |
| Dlink | Eyeon Baby Monitor | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Aug/18 (Mailing List, Third Party Advisory)
- https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the (Technical Description, Third Party Advisory)
FAQ
What is CVE-2017-11563?
CVE-2017-11563 is a vulnerability with a CVSS score of 9.8 (CRITICAL). D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic info...
How severe is CVE-2017-11563?
CVE-2017-11563 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-11563?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Eyeon Baby Monitor Firmware, Dlink Eyeon Baby Monitor.