CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 1CVE-2018-18767
https://notcve.org/view.php?id=CVE-2018-18767
20 Dec 2018 — An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. Se ha descubierto un problema en la aplicación "myDlink Baby App", de D-Link, en su versión 2.04.06. Cu... • https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-18442
https://notcve.org/view.php?id=CVE-2018-18442
20 Dec 2018 — D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding. Los dispositivos D-Link DCS-825L con firmware en versión 1.08 no emplean un mecanismo adecuado para evitar ataques de denegación de servicio (DoS). Un ata... • https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor •