CVE-2017-8405
Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in the /sbin folder of the device handles all the RTSP connections received by the device. It seems that the binary loads, at address 0x00012CF4, a flag called "Authenticate" that indicates whether a user should be authenticated before being allowed access to the video feed. By default, the value of this flag is zero, and it can be set or unset using the HTTP interface and the network settings tab. The device requires a user logging in to its HTTP management interface to provide a valid username and password. However, the device does not enforce the same restriction by default on the RTSP URL, because the checkbox is unchecked by default, thereby allowing any attacker in possession of the external IP address of the camera to view the live video feed. The severity of this attack is increased by the fact that there are more than 100,000 D-Link devices out there.
Dlink DCS-1130 suffers from command injection, cross-site request forgery, stack overflow, and various other vulnerabilities.
Timeline
- 2017-05-02 CVE Reserved
- 2019-06-07 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-11-22 EPSS Updated
CWE
- CWE-287: Improper Authentication
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html | Third Party Advisory | |
https://seclists.org/bugtraq/2019/Jun/8 | Mailing List |
URL | Date | SRC |
---|---|---|
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf | 2024-08-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Dlink | Dcs-1100 Firmware | - | - | Affected | in | Dlink | Dcs-1100 | - | - | Safe |
Dlink | Dcs-1130 Firmware | - | - | Affected | in | Dlink | Dcs-1130 | - | - | Safe |