ID

VAR-201704-1588


CVE

CVE-2017-7852


TITLE

Cross-site request forgery vulnerability in multiple D-Link DCS cameras

Trust: 0.8

sources: JVNDB: JVNDB-2017-003648

DESCRIPTION

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because the 'allow-access-from domain' child element is set to *, thus accepting requests from any domain. If a victim who is logged into the camera's web console visits a malicious site hosting a malicious Flash file from another browser tab, the malicious Flash file can then send requests to the victim's DCS series camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve live feeds or information from the victim's DCS series camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. Multiple D-Link DCS cameras contain a cross-site request forgery vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. The D-Link DCS-933L is a wireless surveillance camera device from D-Link. There are security holes in several D-Link DCS cameras (D-Link DCS-933L, etc.). The following products are affected: D-Link DCS-5030L; DCS-5020L; DCS-2530L; DCS-2630L;

Trust: 2.43

sources: NVD: CVE-2017-7852 // JVNDB: JVNDB-2017-003648 // CNVD: CNVD-2017-06729 // IVD: 76b829da-d734-4842-bae5-3dd9ff5f23dc // VULHUB: VHN-116055

IOT TAXONOMY

category: ['IoT', 'ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None // IVD: 76b829da-d734-4842-bae5-3dd9ff5f23dc // CNVD: CNVD-2017-06729

AFFECTED PRODUCTS

vendor: dlink, model: dcs-931l, scope: lte, version: 1.13.05

Trust: 1.0

vendor: dlink, model: dcs-933l, scope: lte, version: 1.13.05

Trust: 1.0

vendor: dlink, model: dcs-2136l, scope: lte, version: 1.04.01

Trust: 1.0

vendor: dlink, model: dcs-6212l, scope: lte, version: 1.00.12

Trust: 1.0

vendor: dlink, model: dcs-2132l, scope: lte, version: 2.12.00

Trust: 1.0

vendor: dlink, model: dcs-942l, scope: lte, version: 1.27

Trust: 1.0

vendor: dlink, model: dcs-5029l, scope: lte, version: 1.12.00

Trust: 1.0

vendor: dlink, model: dcs-5000l, scope: lte, version: 1.02.02

Trust: 1.0

vendor: dlink, model: dcs-5009l, scope: lte, version: 1.07.05

Trust: 1.0

vendor: dlink, model: dcs-2530l, scope: lte, version: 1.00.21

Trust: 1.0

vendor: dlink, model: dcs-932l, scope: lte, version: 1.13.04

Trust: 1.0

vendor: dlink, model: dcs-942l, scope: lte, version: 2.11.03

Trust: 1.0

vendor: dlink, model: dcs-6010l, scope: lte, version: 1.15.01

Trust: 1.0

vendor: dlink, model: dcs-2332l, scope: lte, version: 1.08.01

Trust: 1.0

vendor: dlink, model: dcs-5010l, scope: lte, version: 1.13.05

Trust: 1.0

vendor: dlink, model: dcs-2310l, scope: lte, version: 1.08.01

Trust: 1.0

vendor: dlink, model: dcs-5030l, scope: lte, version: 1.01.06

Trust: 1.0

vendor: dlink, model: dcs-7010l, scope: lte, version: 1.08.01

Trust: 1.0

vendor: dlink, model: dcs-930l, scope: lte, version: 1.15.04

Trust: 1.0

vendor: dlink, model: dcs-2210l, scope: lte, version: 1.03.01

Trust: 1.0

vendor: dlink, model: dcs-2132l, scope: lte, version: 1.08.01

Trust: 1.0

vendor: dlink, model: dcs-2230l, scope: lte, version: 1.03.01

Trust: 1.0

vendor: dlink, model: dcs-932l, scope: lte, version: 2.13.15

Trust: 1.0

vendor: dlink, model: dcs-5020l, scope: lte, version: 1.13.05

Trust: 1.0

vendor: dlink, model: dcs-7000l, scope: lte, version: 1.04.00

Trust: 1.0

vendor: dlink, model: dcs-5222l, scope: lte, version: 2.12.00

Trust: 1.0

vendor: dlink, model: dcs-934l, scope: lte, version: 1.04.15

Trust: 1.0

vendor: dlink, model: dcs-930l, scope: lte, version: 2.13.15

Trust: 1.0

vendor: dlink, model: dcs-5025l, scope: lte, version: 1.02.10

Trust: 1.0

vendor: dlink, model: dcs-2330l, scope: lte, version: 1.13.00

Trust: 1.0

vendor: dlink, model: dcs-2310l, scope: lte, version: 2.03.00

Trust: 1.0

vendor: d link, model: dcs-2132l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-2136l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-2210l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-2230l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-2310l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-2330l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-2332l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-2530l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5000l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5009l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5010l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5020l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5025l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5029l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5030l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-5222l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-6010l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-6212l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-7000l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-7010l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-930l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-931l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-932l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-933l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-934l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs-942l, scope: -, version: -

Trust: 0.8

vendor: d link, model: dcs, scope: lt, version: 1.13.05

Trust: 0.6

vendor: d link, model: dcs-933l, scope: lt, version: 1.13.05

Trust: 0.6

vendor: d link, model: dcs-5030l, scope: lt, version: 1.13.05

Trust: 0.6

vendor: d link, model: dcs-5020l, scope: lt, version: 1.13.05

Trust: 0.6

vendor: d link, model: dcs-2530l, scope: lt, version: 1.13.05

Trust: 0.6

vendor: d link, model: dcs-2630l, scope: lt, version: 1.13.05

Trust: 0.6

vendor: d link, model: dcs-7000l, scope: eq, version: 1.04.00

Trust: 0.6

vendor: d link, model: dcs-2136l, scope: eq, version: 1.04.01

Trust: 0.6

vendor: d link, model: dcs-5000l, scope: eq, version: 1.02.02

Trust: 0.6

vendor: d link, model: dcs-5029l, scope: eq, version: 1.12.00

Trust: 0.6

vendor: d link, model: dcs-2310l, scope: eq, version: 2.03.00

Trust: 0.6

vendor: d link, model: dcs-2330l, scope: eq, version: 1.13.00

Trust: 0.6

vendor: d link, model: dcs-2132l, scope: eq, version: 2.12.00

Trust: 0.6

vendor: d link, model: dcs-2132l, scope: eq, version: 1.08.01

Trust: 0.6

vendor: d link, model: dcs-2210l, scope: eq, version: 1.03.01

Trust: 0.6

vendor: d link, model: dcs-5025l, scope: eq, version: 1.02.10

Trust: 0.6

vendor: dcs 932l, model: -, scope: eq, version: *

Trust: 0.4

vendor: dcs 942l, model: -, scope: eq, version: *

Trust: 0.4

vendor: dcs 2310l, model: -, scope: eq, version: *

Trust: 0.4

vendor: dcs 2132l, model: -, scope: eq, version: *

Trust: 0.4

vendor: dcs 930l, model: -, scope: eq, version: *

Trust: 0.4

vendor: dcs 2230l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 934l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 931l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 933l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5009l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5010l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5020l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5000l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5025l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5030l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 2210l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 2136l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 7000l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 6212l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5222l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 5029l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 2332l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 2330l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 6010l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 7010l, model: -, scope: eq, version: *

Trust: 0.2

vendor: dcs 2530l, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 76b829da-d734-4842-bae5-3dd9ff5f23dc // CNVD: CNVD-2017-06729 // JVNDB: JVNDB-2017-003648 // CNNVD: CNNVD-201704-783 // NVD: CVE-2017-7852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7852
value: HIGH

Trust: 1.0

NVD: CVE-2017-7852
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-06729
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-783
value: HIGH

Trust: 0.6

IVD: 76b829da-d734-4842-bae5-3dd9ff5f23dc
value: MEDIUM

Trust: 0.2

VULHUB: VHN-116055
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7852
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06729
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 76b829da-d734-4842-bae5-3dd9ff5f23dc
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-116055
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7852
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-7852
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 76b829da-d734-4842-bae5-3dd9ff5f23dc // CNVD: CNVD-2017-06729 // VULHUB: VHN-116055 // JVNDB: JVNDB-2017-003648 // CNNVD: CNNVD-201704-783 // NVD: CVE-2017-7852

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-116055 // JVNDB: JVNDB-2017-003648 // NVD: CVE-2017-7852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-783

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201704-783

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003648

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-116055

PATCH

title: Top Page, url: http://us.dlink.com/

Trust: 0.8

title: Patch for D-Link DCS Cross-site Forgery Request Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/93817

Trust: 0.6

sources: CNVD: CNVD-2017-06729 // JVNDB: JVNDB-2017-003648

EXTERNAL IDS

db: NVD, id: CVE-2017-7852

Trust: 3.4

db: CNNVD, id: CNNVD-201704-783

Trust: 0.9

db: CNVD, id: CNVD-2017-06729

Trust: 0.8

db: JVNDB, id: JVNDB-2017-003648

Trust: 0.8

db: IVD, id: 76B829DA-D734-4842-BAE5-3DD9FF5F23DC

Trust: 0.2

db: OTHER, id: NONE

Trust: 0.1

db: EXPLOIT-DB, id: 42074

Trust: 0.1

db: PACKETSTORM, id: 142702

Trust: 0.1

db: VULHUB, id: VHN-116055

Trust: 0.1

sources: OTHER: None // IVD: 76b829da-d734-4842-bae5-3dd9ff5f23dc // CNVD: CNVD-2017-06729 // VULHUB: VHN-116055 // JVNDB: JVNDB-2017-003648 // CNNVD: CNNVD-201704-783 // NVD: CVE-2017-7852

REFERENCES

url:https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf

Trust: 3.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7852

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7852

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-06729 // VULHUB: VHN-116055 // JVNDB: JVNDB-2017-003648 // CNNVD: CNNVD-201704-783 // NVD: CVE-2017-7852

SOURCES

db: OTHER, id: -
db: IVD, id: 76b829da-d734-4842-bae5-3dd9ff5f23dc
db: CNVD, id: CNVD-2017-06729
db: VULHUB, id: VHN-116055
db: JVNDB, id: JVNDB-2017-003648
db: CNNVD, id: CNNVD-201704-783
db: NVD, id: CVE-2017-7852

LAST UPDATE DATE

2025-01-30T21:14:28.626000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-06729, date: 2017-05-16T00:00:00
db: VULHUB, id: VHN-116055, date: 2017-05-08T00:00:00
db: JVNDB, id: JVNDB-2017-003648, date: 2017-06-01T00:00:00
db: CNNVD, id: CNNVD-201704-783, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2017-7852, date: 2024-11-21T03:32:48.153

SOURCES RELEASE DATE

db: IVD, id: 76b829da-d734-4842-bae5-3dd9ff5f23dc, date: 2017-05-16T00:00:00
db: CNVD, id: CNVD-2017-06729, date: 2017-05-16T00:00:00
db: VULHUB, id: VHN-116055, date: 2017-04-24T00:00:00
db: JVNDB, id: JVNDB-2017-003648, date: 2017-06-01T00:00:00
db: CNNVD, id: CNNVD-201704-783, date: 2017-04-18T00:00:00
db: NVD, id: CVE-2017-7852, date: 2017-04-24T10:59:00.160