ID

VAR-201812-0901


CVE

CVE-2018-18767


TITLE

Vulnerabilities related to certificate and password management in D-Link myDlink Baby App

Trust: 0.8

sources: JVNDB: JVNDB-2018-014450

DESCRIPTION

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and password) in base64 cleartext. An attacker could conduct an MitM attack on the local network and very easily obtain these credentials. D-Link myDlink Baby App contains vulnerabilities related to certificate and password management. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Trust: 2.25

sources: NVD: CVE-2018-18767 // JVNDB: JVNDB-2018-014450 // CNVD: CNVD-2018-26803 // VULHUB: VHN-129359

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-26803

AFFECTED PRODUCTS

vendor: d link // model: dcs-825l // scope: eq // version: 1.08

Trust: 1.8

vendor: dlink // model: mydlink baby camera monitor // scope: eq // version: 2.04.06

Trust: 1.0

vendor: d link // model: mydlink baby camera monitor // scope: eq // version: 2.04.06

Trust: 0.8

vendor: d link // model: mydlink baby app // scope: eq // version: 2.04.06

Trust: 0.6

sources: CNVD: CNVD-2018-26803 // JVNDB: JVNDB-2018-014450 // NVD: CVE-2018-18767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18767
value: HIGH

Trust: 1.0

NVD: CVE-2018-18767
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-26803
value: LOW

Trust: 0.6

CNNVD: CNNVD-201812-971
value: HIGH

Trust: 0.6

VULHUB: VHN-129359
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-18767
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-26803
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-129359
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18767
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-26803 // VULHUB: VHN-129359 // JVNDB: JVNDB-2018-014450 // CNNVD: CNNVD-201812-971 // NVD: CVE-2018-18767

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.1

problemtype: CWE-255

Trust: 0.9

sources: VULHUB: VHN-129359 // JVNDB: JVNDB-2018-014450 // NVD: CVE-2018-18767

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-971

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-971

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014450

PATCH

title: Top Page // url: https://www.dlink.com/en/consumer

Trust: 0.8

sources: JVNDB: JVNDB-2018-014450

EXTERNAL IDS

db: NVD // id: CVE-2018-18767

Trust: 3.1

db: JVNDB // id: JVNDB-2018-014450

Trust: 0.8

db: CNNVD // id: CNNVD-201812-971

Trust: 0.7

db: CNVD // id: CNVD-2018-26803

Trust: 0.6

db: VULHUB // id: VHN-129359

Trust: 0.1

sources: CNVD: CNVD-2018-26803 // VULHUB: VHN-129359 // JVNDB: JVNDB-2018-014450 // CNNVD: CNNVD-201812-971 // NVD: CVE-2018-18767

REFERENCES

url: https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/

Trust: 3.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18767

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-18767

Trust: 0.8

sources: CNVD: CNVD-2018-26803 // VULHUB: VHN-129359 // JVNDB: JVNDB-2018-014450 // CNNVD: CNNVD-201812-971 // NVD: CVE-2018-18767

SOURCES

db: CNVD // id: CNVD-2018-26803
db: VULHUB // id: VHN-129359
db: JVNDB // id: JVNDB-2018-014450
db: CNNVD // id: CNNVD-201812-971
db: NVD // id: CVE-2018-18767

LAST UPDATE DATE

2024-11-23T22:51:53.522000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-26803 // date: 2018-12-28T00:00:00
db: VULHUB // id: VHN-129359 // date: 2020-08-24T00:00:00
db: JVNDB // id: JVNDB-2018-014450 // date: 2019-03-22T00:00:00
db: CNNVD // id: CNNVD-201812-971 // date: 2020-10-22T00:00:00
db: NVD // id: CVE-2018-18767 // date: 2024-11-21T03:56:33.843

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2018-26803 // date: 2018-12-27T00:00:00
db: VULHUB // id: VHN-129359 // date: 2018-12-20T00:00:00
db: JVNDB // id: JVNDB-2018-014450 // date: 2019-03-22T00:00:00
db: CNNVD // id: CNNVD-201812-971 // date: 2018-12-21T00:00:00
db: NVD // id: CVE-2018-18767 // date: 2018-12-20T23:29:00.863