Sign-up

ID

VAR-201502-0198


CVE

CVE-2015-2048


TITLE

D-Link DCS-931L Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-01375 // CNNVD: CNNVD-201502-371

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. D-Link DCS-931L Contains a cross-site request forgery vulnerability.Authentication may be hijacked by a third party. The D-Link DCS-931L is a remote wireless surveillance camera from D-Link. A remote attacker could exploit this vulnerability to perform unauthorized operations

Trust: 2.25

sources: NVD: CVE-2015-2048 // JVNDB: JVNDB-2015-001588 // CNVD: CNVD-2015-01375 // VULHUB: VHN-80009

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01375

AFFECTED PRODUCTS

vendor:dlinkmodel:dcs-931lscope:lteversion:1.04

Trust: 1.0

vendor:d linkmodel:dcs-931lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dcs-931lscope:lteversion:1.04

Trust: 0.8

vendor:d linkmodel:dcs-931lscope:lteversion:<=1.04

Trust: 0.6

vendor:d linkmodel:dcs-931lscope:eqversion:1.04

Trust: 0.6

sources: CNVD: CNVD-2015-01375 // JVNDB: JVNDB-2015-001588 // CNNVD: CNNVD-201502-371 // NVD: CVE-2015-2048

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2048
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-2048
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01375
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-371
value: MEDIUM

Trust: 0.6

VULHUB: VHN-80009
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-2048
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01375
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-80009
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-01375 // VULHUB: VHN-80009 // JVNDB: JVNDB-2015-001588 // CNNVD: CNNVD-201502-371 // NVD: CVE-2015-2048

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-80009 // JVNDB: JVNDB-2015-001588 // NVD: CVE-2015-2048

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-371

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201502-371

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001588

PATCH
title:DCS-931Lurl:http://www.dlink.ru/mn/products/1433/1806.html
Trust: 0.8
title:SAP10049url:http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10049
Trust: 0.8
title:Patch for D-Link DCS-931L Cross-Site Request Forgery Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/55730
Trust: 0.6
title:DCS-931L_REVA_FIRMWARE_1.07.B1url:http://123.124.177.30/web/xxk/bdxqById.tag?id=53998
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01375 // 
            
            
            
            JVNDB: JVNDB-2015-001588 // 
            
            
            
            CNNVD: CNNVD-201502-371

EXTERNAL IDS
db:NVDid:CVE-2015-2048
Trust: 3.1
db:DLINKid:SAP10049
Trust: 2.3
db:JVNDBid:JVNDB-2015-001588
Trust: 0.8
db:CNVDid:CNVD-2015-01375
Trust: 0.6
db:CNNVDid:CNNVD-201502-371
Trust: 0.6
db:VULHUBid:VHN-80009
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01375 // 
            
            
            
            VULHUB: VHN-80009 // 
            
            
            
            JVNDB: JVNDB-2015-001588 // 
            
            
            
            CNNVD: CNNVD-201502-371 // 
            
            
            
            NVD: CVE-2015-2048

REFERENCES
url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10049
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2048
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2048
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2015-01375 // 
            
            
            
            VULHUB: VHN-80009 // 
            
            
            
            JVNDB: JVNDB-2015-001588 // 
            
            
            
            CNNVD: CNNVD-201502-371 // 
            
            
            
            NVD: CVE-2015-2048

SOURCES
db:CNVDid:CNVD-2015-01375
db:VULHUBid:VHN-80009
db:JVNDBid:JVNDB-2015-001588
db:CNNVDid:CNNVD-201502-371
db:NVDid:CVE-2015-2048

LAST UPDATE DATE
2024-11-23T21:44:28.025000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01375date:2015-03-02T00:00:00
db:VULHUBid:VHN-80009date:2015-02-24T00:00:00
db:JVNDBid:JVNDB-2015-001588date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-371date:2023-04-27T00:00:00
db:NVDid:CVE-2015-2048date:2024-11-21T02:26:39.240

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-01375date:2015-03-02T00:00:00
db:VULHUBid:VHN-80009date:2015-02-23T00:00:00
db:JVNDBid:JVNDB-2015-001588date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-371date:2015-02-27T00:00:00
db:NVDid:CVE-2015-2048date:2015-02-23T17:59:05.290