CVE-2017-7852

Name: CVE-2017-7852
Creator: NVD / NIST
Published: 2017-04-24T10:59:00.16+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 4.29%

Last modified Jun 17, 2026

CVE-2017-7852 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. EPSS estimates a 4.29% chance of exploitation in the next 30 days.

Description

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

4.29%

89.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Dlink	Dcs-2230l Firmware	<= 1.03.01
Dlink	Dcs-2310l Firmware	<= 1.08.01
Dlink	Dcs-2332l Firmware	<= 1.08.01
Dlink	Dcs-6010l Firmware	<= 1.15.01
Dlink	Dcs-7010l Firmware	<= 1.08.01
Dlink	Dcs-2530l Firmware	<= 1.00.21
Dlink	Dcs-930l Firmware	<= 1.15.04
Dlink	Dcs-930l Firmware	<= 2.13.15
Dlink	Dcs-932l Firmware	<= 1.13.04
Dlink	Dcs-932l Firmware	<= 2.13.15
Dlink	Dcs-934l Firmware	<= 1.04.15
Dlink	Dcs-942l Firmware	<= 1.27
Dlink	Dcs-942l Firmware	<= 2.11.03
Dlink	Dcs-931l Firmware	<= 1.13.05
Dlink	Dcs-933l Firmware	<= 1.13.05
Dlink	Dcs-5009l Firmware	<= 1.07.05
Dlink	Dcs-5010l Firmware	<= 1.13.05
Dlink	Dcs-5020l Firmware	<= 1.13.05
Dlink	Dcs-5000l Firmware	<= 1.02.02
Dlink	Dcs-5025l Firmware	<= 1.02.10
Dlink	Dcs-5030l Firmware	<= 1.01.06
Dlink	Dcs-2210l Firmware	<= 1.03.01
Dlink	Dcs-2136l Firmware	<= 1.04.01
Dlink	Dcs-2132l Firmware	<= 1.08.01
Dlink	Dcs-7000l Firmware	<= 1.04.00
Dlink	Dcs-6212l Firmware	<= 1.00.12
Dlink	Dcs-5029l Firmware	<= 1.12.00
Dlink	Dcs-2310l Firmware	<= 2.03.00
Dlink	Dcs-2330l Firmware	<= 1.13.00
Dlink	Dcs-2132l Firmware	<= 2.12.00
Dlink	Dcs-5222l Firmware	<= 2.12.00

References

https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdfExploit, Mitigation, Third Party Advisory
https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdfExploit, Mitigation, Third Party Advisory

Timeline

Published: Apr 24, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-7852?

How severe is CVE-2017-7852?

CVE-2017-7852 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 4.29% probability of exploitation in the next 30 days.

How do I fix CVE-2017-7852?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-7852?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST