Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18442 | 2 D-link, Dlink | 2 Dcs-825l Firmware, Dcs-825l | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding. | |||||
| CVE-2018-18441 | 2 D-link, Dlink | 36 Dcs-2102 Firmware, Dcs-2121 Firmware, Dcs-2630l Firmware and 33 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. | |||||
| CVE-2018-18767 | 2 D-link, Dlink | 3 Dcs-825l Firmware, Dcs-825l, Mydlink Baby Camera Monitor | 2023-12-10 | 1.9 LOW | 7.0 HIGH |
| An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. | |||||