Sign-up

ID

VAR-201502-0199


CVE

CVE-2015-2049


TITLE

D-Link DCS-93xL model family allows unrestricted upload

Trust: 0.8

sources: CERT/CC: VU#377348

DESCRIPTION

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. The D-Link DCS-93xL family of devices (specifically the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models) allows an attacker to upload arbitrary files from the attackers system. The D-Link DCS-931L is a D-Link home wireless network camera

Trust: 2.97

sources: NVD: CVE-2015-2049 // CERT/CC: VU#377348 // JVNDB: JVNDB-2015-001589 // CNVD: CNVD-2015-01423 // VULHUB: VHN-80010

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01423

AFFECTED PRODUCTS

vendor:d linkmodel:dcs-931lscope: - version: -

Trust: 1.6

vendor:dlinkmodel:dcs-931lscope:lteversion:1.04

Trust: 1.0

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel:dcs-931l withscope:lteversion:<=1.04

Trust: 0.6

vendor:d linkmodel:dcs-931lscope:eqversion:1.04

Trust: 0.6

sources: CERT/CC: VU#377348 // CNVD: CNVD-2015-01423 // JVNDB: JVNDB-2015-001589 // CNNVD: CNNVD-201502-370 // NVD: CVE-2015-2049

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2015-2049
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2015-2049
value: HIGH

Trust: 1.0

CNVD: CNVD-2015-01423
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201502-370
value: CRITICAL

Trust: 0.6

VULHUB: VHN-80010
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-2049
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2015-2049
severity: HIGH
baseScore: 9.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-01423
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-80010
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#377348 // CNVD: CNVD-2015-01423 // VULHUB: VHN-80010 // JVNDB: JVNDB-2015-001589 // CNNVD: CNNVD-201502-370 // NVD: CVE-2015-2049

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-001589 // NVD: CVE-2015-2049

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-370

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201502-370

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001589

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#377348 // 
            
            
            
            VULHUB: VHN-80010

PATCH
title:DCS-931Lurl:http://www.dlink.ru/mn/products/1433/1806.html
Trust: 0.8
title:SAP10049url:http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10049
Trust: 0.8
title:DCS-931L_REVA_FIRMWARE_1.07.B1url:http://123.124.177.30/web/xxk/bdxqById.tag?id=53998
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-001589 // 
            
            
            
            CNNVD: CNNVD-201502-370

EXTERNAL IDS
db:NVDid:CVE-2015-2049
Trust: 3.9
db:CERT/CCid:VU#377348
Trust: 3.3
db:DLINKid:SAP10049
Trust: 3.1
db:EXPLOIT-DBid:39192
Trust: 1.7
db:JVNid:JVNVU97897252
Trust: 0.8
db:JVNDBid:JVNDB-2015-001589
Trust: 0.8
db:CNNVDid:CNNVD-201502-370
Trust: 0.7
db:CNVDid:CNVD-2015-01423
Trust: 0.6
db:PACKETSTORMid:135152
Trust: 0.1
db:VULHUBid:VHN-80010
Trust: 0.1
sources:
            
            
            CERT/CC: VU#377348 // 
            
            
            
            CNVD: CNVD-2015-01423 // 
            
            
            
            VULHUB: VHN-80010 // 
            
            
            
            JVNDB: JVNDB-2015-001589 // 
            
            
            
            CNNVD: CNNVD-201502-370 // 
            
            
            
            NVD: CVE-2015-2049

REFERENCES
url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10049
Trust: 3.1
url:http://www.kb.cert.org/vuls/id/377348
Trust: 2.5
url:https://www.exploit-db.com/exploits/39192/
Trust: 1.7
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2049
Trust: 1.6
url:http://support.dlink.com/productinfo.aspx?m=dcs-930l
Trust: 0.8
url:http://support.dlink.com/productinfo.aspx?m=dcs-931l
Trust: 0.8
url:http://support.dlink.com/productinfo.aspx?m=dcs-932l
Trust: 0.8
url:http://support.dlink.com/productinfo.aspx?m=dcs-933l
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2049
Trust: 0.8
url:https://jvn.jp/vu/jvnvu97897252/index.html
Trust: 0.8
sources:
            
            
            CERT/CC: VU#377348 // 
            
            
            
            CNVD: CNVD-2015-01423 // 
            
            
            
            VULHUB: VHN-80010 // 
            
            
            
            JVNDB: JVNDB-2015-001589 // 
            
            
            
            CNNVD: CNNVD-201502-370 // 
            
            
            
            NVD: CVE-2015-2049

SOURCES
db:CERT/CCid:VU#377348
db:CNVDid:CNVD-2015-01423
db:VULHUBid:VHN-80010
db:JVNDBid:JVNDB-2015-001589
db:CNNVDid:CNNVD-201502-370
db:NVDid:CVE-2015-2049

LAST UPDATE DATE
2024-11-23T21:44:27.991000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#377348date:2015-03-16T00:00:00
db:CNVDid:CNVD-2015-01423date:2015-03-04T00:00:00
db:VULHUBid:VHN-80010date:2017-09-10T00:00:00
db:JVNDBid:JVNDB-2015-001589date:2015-03-18T00:00:00
db:CNNVDid:CNNVD-201502-370date:2023-04-27T00:00:00
db:NVDid:CVE-2015-2049date:2024-11-21T02:26:39.380

SOURCES RELEASE DATE
db:CERT/CCid:VU#377348date:2015-03-16T00:00:00
db:CNVDid:CNVD-2015-01423date:2015-03-04T00:00:00
db:VULHUBid:VHN-80010date:2015-02-23T00:00:00
db:JVNDBid:JVNDB-2015-001589date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-370date:2015-02-28T00:00:00
db:NVDid:CVE-2015-2049date:2015-02-23T17:59:06.557