Vulnerability Description
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dcs-1130 Firmware | - |
| Dlink | Dcs-1130 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRThird Party AdvisoryVDB Entry
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_secExploitThird Party Advisory
- https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRThird Party AdvisoryVDB Entry
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_secExploitThird Party Advisory
- https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory
FAQ
What is CVE-2017-8409?
CVE-2017-8409 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction ...
How severe is CVE-2017-8409?
CVE-2017-8409 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8409?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dcs-1130 Firmware, Dlink Dcs-1130.