CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-8416 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8416
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code... • https://packetstorm.news/files/id/153226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 2CVE-2017-8417 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8417
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including ... • https://packetstorm.news/files/id/153226 • CWE-255: Credentials Management Errors •