Vulnerability Description
DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dcs-932L Firmware | <= 2.17 |
| Dlink | Dcs-932L | - |
| D-Link | Dcs-5000L Firmware | 1.05 |
| Dlink | Dcs-5000L | - |
Related Weaknesses (CWE)
References
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1Vendor Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1Vendor Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
FAQ
What is CVE-2021-41503?
CVE-2021-41503 is a vulnerability with a CVSS score of 8.0 (HIGH). DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise th...
How severe is CVE-2021-41503?
CVE-2021-41503 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41503?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dcs-932L Firmware, Dlink Dcs-932L, D-Link Dcs-5000L Firmware, Dlink Dcs-5000L.