CVE-2017-8409
CVE-2017-8409 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered on D-Link DCS-1130 devices. The device requires a user logging in to the device to provide a username and password. EPSS estimates a 2.71% chance of exploitation in the next 30 days.
Description
An issue was discovered on D-Link DCS-1130 devices. The device requires a user logging in to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL, thereby allowing any attacker in possession of that URL to view the live video feed. The severity of this attack is increased by the fact that there are more than 100,000 D-Link devices out there.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dcs-1130 Firmware | All versions |
References
- http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html (Third Party Advisory, VDB Entry)
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf (Exploit, Third Party Advisory)
- https://seclists.org/bugtraq/2019/Jun/8 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
