CVE-2021-41504

Опубликовано: 24 сент. 2021

Источник: nvd

CVSS3: 8

CVSS2: 5.2

EPSS Низкий

Описание

An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Ссылки

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247
Vendor Advisory
https://www.dlink.com/en/security-bulletin/
Vendor Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10247
Vendor Advisory
https://www.dlink.com/en/security-bulletin/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dcs-932l_firmware:*:*:*:*:*:*:*:*

Версия до 2.17 (включая)

cpe:2.3:h:dlink:dcs-932l:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:dlink:dcs-5000l_firmware:1.05:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-5000l:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00164

Низкий

8 High

CVSS3

5.2 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-55fp-xjf8-j279