CVSS: 5.3EPSS: 57%CPEs: 38EXPL: 2CVE-2013-1603 – D-Link IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1603
28 Jan 2020 — An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve... • https://www.exploit-db.com/exploits/25138 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 42%CPEs: 38EXPL: 2CVE-2013-1602 – D-Link IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1602
28 Jan 2020 — An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams. Se presenta un... • https://www.exploit-db.com/exploits/25138 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 37%CPEs: 38EXPL: 2CVE-2013-1601 – D-Link IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1601
28 Jan 2020 — An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS... • https://www.exploit-db.com/exploits/25138 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 92%CPEs: 36EXPL: 4CVE-2013-1599 – D-Link IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1599
28 Jan 2020 — A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface. Existe una vulnerabilidad de inyección de comandos en el scr... • https://www.exploit-db.com/exploits/25138 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 21%CPEs: 2EXPL: 2CVE-2017-8404 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8404
07 Jun 2019 — An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archi... • https://packetstorm.news/files/id/153226 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 2CVE-2017-8405 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8405
07 Jun 2019 — An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a ... • https://packetstorm.news/files/id/153226 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2CVE-2017-8406 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8406
07 Jun 2019 — An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an atta... • https://packetstorm.news/files/id/153226 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2CVE-2017-8407 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8407
07 Jun 2019 — An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password. Se detectó un problema en los dispositivos DCS-1130 de D-Link. El dispositivo provee a un usuario la capacidad de cambiar ... • https://packetstorm.news/files/id/153226 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 21%CPEs: 2EXPL: 2CVE-2017-8408 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8408
07 Jun 2019 — An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive ... • https://packetstorm.news/files/id/153226 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2017-8409 – Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
https://notcve.org/view.php?id=CVE-2017-8409
07 Jun 2019 — An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. Se detectó un problema en los dispositivos DCS-1130 de D-Link. • https://packetstorm.news/files/id/153226 • CWE-285: Improper Authorization •