CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 2CVE-2017-8410 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8410
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the "Authorization: Basic" RTSP header and stores it on the stack. The number of bytes to be copied are calculated based on the length of the string sent in the RTSP header by the client. As a result, memcpy copies more data then it can hold on ... • https://packetstorm.news/files/id/153226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 9%CPEs: 2EXPL: 2CVE-2017-8411 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8411
07 Jun 2019 — An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archi... • https://packetstorm.news/files/id/153226 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 1CVE-2017-8412 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8412
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000... • https://packetstorm.news/files/id/153226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2017-8413 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8413
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code... • https://packetstorm.news/files/id/153226 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2017-8414 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8414
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption. Se detectó un problema en los dispositivos DCS-1100 ... • https://packetstorm.news/files/id/153226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 1CVE-2017-8415 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8415
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot ch... • https://packetstorm.news/files/id/153226 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-8416 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8416
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code... • https://packetstorm.news/files/id/153226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 2CVE-2017-8417 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8417
07 Jun 2019 — An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including ... • https://packetstorm.news/files/id/153226 • CWE-255: Credentials Management Errors •