DCS-1130

CVEs (15)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2013-1602	Dlink Dcs 2121	0.08	—	0.60	Jan 28, 2020	An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121…
CVE-2017-8404	Dlink DCS-1130	0.02	—	0.25	Jul 2, 2019	An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to…
CVE-2017-8408	Dlink DCS-1130	0.02	—	0.20	Jul 2, 2019	An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the…
CVE-2017-8411	Dlink DCS-1130	0.01	—	0.10	Jul 2, 2019	An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to…
CVE-2017-8416	Dlink DCS-1100	0.00	—	0.01	Jul 2, 2019	An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile…
CVE-2017-8413	Dlink DCS-1100	0.00	—	0.02	Jul 2, 2019	An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile…
CVE-2017-8415	Dlink DCS-1100	0.00	—	0.04	Jul 2, 2019	An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password…
CVE-2017-8412	Dlink DCS-1100	0.00	—	0.03	Jul 2, 2019	An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and…
CVE-2017-8417	Dlink DCS-1100	0.00	—	0.06	Jul 2, 2019	An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any…
CVE-2017-8414	Dlink DCS-1100	0.00	—	0.00	Jul 2, 2019	An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command…
CVE-2017-8410	Dlink DCS-1100	0.00	—	0.05	Jul 2, 2019	An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the…
CVE-2017-8405	Dlink DCS-1100	0.00	—	0.05	Jul 2, 2019	An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a…
CVE-2017-8409	Dlink DCS-1130	0.00	—	0.05	Jul 2, 2019	An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view…
CVE-2017-8406	Dlink DCS-1130	0.00	—	0.02	Jul 2, 2019	An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on…
CVE-2017-8407	Dlink DCS-1130	0.00	—	0.02	Jul 2, 2019	An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which…

CVE-2013-1602Jan 28, 2020
Dlink
Dcs 2121
risk 0.08cvss —epss 0.60
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121…
CVE-2017-8404Jul 2, 2019
Dlink
DCS-1130
risk 0.02cvss —epss 0.25
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to…
CVE-2017-8408Jul 2, 2019
Dlink
DCS-1130
risk 0.02cvss —epss 0.20
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the…
CVE-2017-8411Jul 2, 2019
Dlink
DCS-1130
risk 0.01cvss —epss 0.10
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to…
CVE-2017-8416Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.01
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile…
CVE-2017-8413Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.02
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile…
CVE-2017-8415Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.04
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password…
CVE-2017-8412Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.03
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and…
CVE-2017-8417Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.06
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any…
CVE-2017-8414Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.00
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command…
CVE-2017-8410Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.05
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary performs a memcpy operation at address 0x00011E34 with the value sent in the…
CVE-2017-8405Jul 2, 2019
Dlink
DCS-1100
risk 0.00cvss —epss 0.05
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a…
CVE-2017-8409Jul 2, 2019
Dlink
DCS-1130
risk 0.00cvss —epss 0.05
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view…
CVE-2017-8406Jul 2, 2019
Dlink
DCS-1130
risk 0.00cvss —epss 0.02
An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on…
CVE-2017-8407Jul 2, 2019
Dlink
DCS-1130
risk 0.00cvss —epss 0.02
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which…