Sign-up

ID

VAR-201812-0065


CVE

CVE-2018-18441


TITLE

plural D-Link DCS series Product Wi-Fi Information disclosure vulnerability in cameras

Trust: 0.8

sources: JVNDB: JVNDB-2018-014473

DESCRIPTION

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: <Camera-IP>/common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings. / Output settings, speaker and sensor settings information, etc. D-Link DCS-936L, etc. The following products are affected: D-Link DCS-936L; DCS-942L; DCS-8000LH; DCS-942LB1; 5222LB1; DCS-5020L, etc

Trust: 2.43

sources: NVD: CVE-2018-18441 // JVNDB: JVNDB-2018-014473 // CNVD: CNVD-2018-26797 // IVD: 7d831f62-463f-11e9-8196-000c29342cb1 // VULHUB: VHN-129001

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None // IVD: 7d831f62-463f-11e9-8196-000c29342cb1 // CNVD: CNVD-2018-26797

AFFECTED PRODUCTS

vendor:d linkmodel:dcs-936lscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-942lscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-8000lhscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-942lb1scope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-5222lscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-825lscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-2630lscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-820lscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-855lscope: - version: -

Trust: 1.4

vendor:d linkmodel:dcs-2121scope: - version: -

Trust: 1.4

vendor:dlinkmodel:dcs-930lscope:gteversion:1.00

Trust: 1.0

vendor:dlinkmodel:dcs-5030lscope:gteversion:1.00

Trust: 1.0

vendor:dlinkmodel:dcs-933lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-5222lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-936lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-825lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-2630lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-942lb1scope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-5222lb1scope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-8100lhscope:gteversion:1.00

Trust: 1.0

vendor:dlinkmodel:dcs-932lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-2102scope:gteversion:1.00

Trust: 1.0

vendor:dlinkmodel:dcs-942lscope:gteversion:1.00

Trust: 1.0

vendor:dlinkmodel:dcs-5020lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-820lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-2121scope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-8000lhscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-855lscope:gteversion:1.00

Trust: 1.0

vendor:d linkmodel:dcs-5222lb1scope: - version: -

Trust: 0.6

vendor:d linkmodel:dcs-5020lscope: - version: -

Trust: 0.6

vendor:dcs 942lb1model: - scope:eqversion:*

Trust: 0.4

vendor:dcs 936lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 2121model: - scope:eqversion:*

Trust: 0.2

vendor:dcs 5222lb1model: - scope:eqversion:*

Trust: 0.2

vendor:dcs 5020lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 930lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 8100lhmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 932lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 2102model: - scope:eqversion:*

Trust: 0.2

vendor:dcs 933lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 5030lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 942lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 8000lhmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 5222lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 825lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 2630lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 820lmodel: - scope:eqversion:*

Trust: 0.2

vendor:dcs 855lmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d831f62-463f-11e9-8196-000c29342cb1 // CNVD: CNVD-2018-26797 // JVNDB: JVNDB-2018-014473 // NVD: CVE-2018-18441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18441
value: HIGH

Trust: 1.0

NVD: CVE-2018-18441
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-26797
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-968
value: HIGH

Trust: 0.6

IVD: 7d831f62-463f-11e9-8196-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-129001
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-18441
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-26797
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d831f62-463f-11e9-8196-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-129001
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18441
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 7d831f62-463f-11e9-8196-000c29342cb1 // CNVD: CNVD-2018-26797 // VULHUB: VHN-129001 // JVNDB: JVNDB-2018-014473 // CNNVD: CNNVD-201812-968 // NVD: CVE-2018-18441

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-129001 // JVNDB: JVNDB-2018-014473 // NVD: CVE-2018-18441

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-968

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-968

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014473

PATCH
title:Top Pageurl:https://www.dlink.com/en/consumer
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-014473

EXTERNAL IDS
db:NVDid:CVE-2018-18441
Trust: 3.4
db:CNNVDid:CNNVD-201812-968
Trust: 0.9
db:CNVDid:CNVD-2018-26797
Trust: 0.8
db:JVNDBid:JVNDB-2018-014473
Trust: 0.8
db:IVDid:7D831F62-463F-11E9-8196-000C29342CB1
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-129001
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: 7d831f62-463f-11e9-8196-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-26797 // 
            
            
            
            VULHUB: VHN-129001 // 
            
            
            
            JVNDB: JVNDB-2018-014473 // 
            
            
            
            CNNVD: CNNVD-201812-968 // 
            
            
            
            NVD: CVE-2018-18441

REFERENCES
url:https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18441
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-18441
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2018-26797 // 
            
            
            
            VULHUB: VHN-129001 // 
            
            
            
            JVNDB: JVNDB-2018-014473 // 
            
            
            
            CNNVD: CNNVD-201812-968 // 
            
            
            
            NVD: CVE-2018-18441

SOURCES
db:OTHERid: - 
db:IVDid:7d831f62-463f-11e9-8196-000c29342cb1
db:CNVDid:CNVD-2018-26797
db:VULHUBid:VHN-129001
db:JVNDBid:JVNDB-2018-014473
db:CNNVDid:CNNVD-201812-968
db:NVDid:CVE-2018-18441

LAST UPDATE DATE
2025-01-30T19:33:35.858000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-26797date:2019-01-02T00:00:00
db:VULHUBid:VHN-129001date:2019-02-13T00:00:00
db:JVNDBid:JVNDB-2018-014473date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201812-968date:2023-04-27T00:00:00
db:NVDid:CVE-2018-18441date:2024-11-21T03:55:56.640

SOURCES RELEASE DATE
db:IVDid:7d831f62-463f-11e9-8196-000c29342cb1date:2018-12-28T00:00:00
db:CNVDid:CNVD-2018-26797date:2018-12-27T00:00:00
db:VULHUBid:VHN-129001date:2018-12-20T00:00:00
db:JVNDBid:JVNDB-2018-014473date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201812-968date:2018-12-21T00:00:00
db:NVDid:CVE-2018-18441date:2018-12-20T23:29:00.707