CVE-2018-18441
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.
Las cámaras Wi-Fi D-Link Serie DCS exponen información sensible relacionada con la configuración del dispositivo. Los dispositivos afectados incluyen muchos de la serie DCS como: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L y muchos más. Hay muchas versiones de firmware afectadas, comenzando por la 1.00 y siguientes. Se puede acceder de forma remota al archivo de configuración mediante: Camera-IP/common/info.cgi, sin autenticación. El archivo de configuración incluye los siguientes campos: modelo, producto, marca, versión, build, versión de hardware, versión de nipca, nombre del dispositivo, ubicación, dirección MAC, dirección IP, dirección IP de la puerta de enlace, estado inalámbrico, opciones de entrada/salida, altavoz y opciones del sensor.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-10-17 CVE Reserved
- 2018-12-20 CVE Published
- 2023-09-06 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| D-link Search vendor "D-link" | Dcs-936l Firmware Search vendor "D-link" for product "Dcs-936l Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-936l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-936l Search vendor "Dlink" for product "Dcs-936l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dcs-942l Firmware Search vendor "Dlink" for product "Dcs-942l Firmware" | >= 1.00 Search vendor "Dlink" for product "Dcs-942l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-942l Search vendor "Dlink" for product "Dcs-942l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-8000lh Firmware Search vendor "D-link" for product "Dcs-8000lh Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-8000lh Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-8000lh Search vendor "Dlink" for product "Dcs-8000lh" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-942lb1 Firmware Search vendor "D-link" for product "Dcs-942lb1 Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-942lb1 Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-942lb1 Search vendor "Dlink" for product "Dcs-942lb1" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-5222l Firmware Search vendor "D-link" for product "Dcs-5222l Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-5222l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5222l Search vendor "Dlink" for product "Dcs-5222l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-825l Firmware Search vendor "D-link" for product "Dcs-825l Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-825l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-825l Search vendor "Dlink" for product "Dcs-825l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-2630l Firmware Search vendor "D-link" for product "Dcs-2630l Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-2630l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-2630l Search vendor "Dlink" for product "Dcs-2630l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-820l Firmware Search vendor "D-link" for product "Dcs-820l Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-820l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-820l Search vendor "Dlink" for product "Dcs-820l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-855l Firmware Search vendor "D-link" for product "Dcs-855l Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-855l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-855l Search vendor "Dlink" for product "Dcs-855l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-2121 Firmware Search vendor "D-link" for product "Dcs-2121 Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-2121 Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-2121 Search vendor "Dlink" for product "Dcs-2121" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-5222lb1 Firmware Search vendor "D-link" for product "Dcs-5222lb1 Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-5222lb1 Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5222lb1 Search vendor "Dlink" for product "Dcs-5222lb1" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dcs-5020l Firmware Search vendor "Dlink" for product "Dcs-5020l Firmware" | >= 1.00 Search vendor "Dlink" for product "Dcs-5020l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5020l Search vendor "Dlink" for product "Dcs-5020l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dcs-930l Firmware Search vendor "Dlink" for product "Dcs-930l Firmware" | >= 1.00 Search vendor "Dlink" for product "Dcs-930l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-930l Search vendor "Dlink" for product "Dcs-930l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-8100lh Firmware Search vendor "D-link" for product "Dcs-8100lh Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-8100lh Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-8100lh Search vendor "Dlink" for product "Dcs-8100lh" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dcs-932l Firmware Search vendor "Dlink" for product "Dcs-932l Firmware" | >= 1.00 Search vendor "Dlink" for product "Dcs-932l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-932l Search vendor "Dlink" for product "Dcs-932l" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-2102 Firmware Search vendor "D-link" for product "Dcs-2102 Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-2102 Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-2102 Search vendor "Dlink" for product "Dcs-2102" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dcs-942lb1 Firmware Search vendor "D-link" for product "Dcs-942lb1 Firmware" | >= 1.00 Search vendor "D-link" for product "Dcs-942lb1 Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-942lb1 Search vendor "Dlink" for product "Dcs-942lb1" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dcs-933l Firmware Search vendor "Dlink" for product "Dcs-933l Firmware" | >= 1.00 Search vendor "Dlink" for product "Dcs-933l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-933l Search vendor "Dlink" for product "Dcs-933l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dcs-5030l Firmware Search vendor "Dlink" for product "Dcs-5030l Firmware" | >= 1.00 Search vendor "Dlink" for product "Dcs-5030l Firmware" and version " >= 1.00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dcs-5030l Search vendor "Dlink" for product "Dcs-5030l" | - | - |
Safe
|