CVE-2018-18441

Name: CVE-2018-18441
Creator: NVD / NIST
Published: 2018-12-20T23:29:00.707+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.94%

Last modified Jun 17, 2026

CVE-2018-18441 is a vulnerability of currently unknown severity. D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. EPSS estimates a 1.94% chance of exploitation in the next 30 days.

Description

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings.

Metrics

EPSS Probability

1.94%

77.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
D-Link	Dcs-936l Firmware	>= 1.00
Dlink	Dcs-942l Firmware	>= 1.00
D-Link	Dcs-8000lh Firmware	>= 1.00
D-Link	Dcs-942lb1 Firmware	>= 1.00
D-Link	Dcs-5222l Firmware	>= 1.00
D-Link	Dcs-825l Firmware	>= 1.00
D-Link	Dcs-2630l Firmware	>= 1.00
D-Link	Dcs-820l Firmware	>= 1.00
D-Link	Dcs-855l Firmware	>= 1.00
D-Link	Dcs-2121 Firmware	>= 1.00
D-Link	Dcs-5222lb1 Firmware	>= 1.00
Dlink	Dcs-5020l Firmware	>= 1.00
Dlink	Dcs-930l Firmware	>= 1.00
D-Link	Dcs-8100lh Firmware	>= 1.00
Dlink	Dcs-932l Firmware	>= 1.00
D-Link	Dcs-2102 Firmware	>= 1.00
Dlink	Dcs-933l Firmware	>= 1.00
Dlink	Dcs-5030l Firmware	>= 1.00

References

https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/Exploit, Third Party Advisory
https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/Exploit, Third Party Advisory

Timeline

Published: Dec 20, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-18441?

How severe is CVE-2018-18441?

Severity scoring for CVE-2018-18441 is pending analysis. The EPSS model estimates a 1.94% probability of exploitation in the next 30 days.

How do I fix CVE-2018-18441?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-18441?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST