Details of VAR-201907-1069

ID

VAR-201907-1069

CVE

CVE-2017-8409

TITLE

D-Link DCS-1130 Authorization vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014559

DESCRIPTION

An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. D-Link DCS-1130 The device contains an authorization vulnerability.Information may be obtained. D-LinkDCS-1130 is a network camera of D-Link Corporation of Taiwan, China. A cross-site request forgery vulnerability exists in D-LinkDCS-1130

Trust: 2.34

sources: NVD: CVE-2017-8409 // JVNDB: JVNDB-2017-014559 // CNVD: CNVD-2019-23339 // VULHUB: VHN-116612 // VULMON: CVE-2017-8409

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-23339

AFFECTED PRODUCTS

vendor:	dlink	model:	dcs-1130	scope:	eq	version:	-	Trust: 1.0
vendor:	d link	model:	dcs-1130	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dcs-1130 no	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-23339 // JVNDB: JVNDB-2017-014559 // NVD: CVE-2017-8409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8409
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-8409
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-23339
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-124
value:	HIGH
Trust: 0.6
VULHUB:	VHN-116612
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-8409
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-8409
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-23339
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116612
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8409
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2017-8409
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-23339 // VULHUB: VHN-116612 // VULMON: CVE-2017-8409 // JVNDB: JVNDB-2017-014559 // CNNVD: CNNVD-201907-124 // NVD: CVE-2017-8409

PROBLEMTYPE DATA

problemtype:

CWE-285

Trust: 1.9

sources: VULHUB: VHN-116612 // JVNDB: JVNDB-2017-014559 // NVD: CVE-2017-8409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-124

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-124

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014559

PATCH

title:	Top Page	url:	https://www.dlink.com/en/consumer	Trust: 0.8
title:	IoT_vulnerabilities	url:	https://github.com/ethanhunnt/IoT_vulnerabilities	Trust: 0.1

sources: VULMON: CVE-2017-8409 // JVNDB: JVNDB-2017-014559

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8409	Trust: 3.3
db:	PACKETSTORM	id:	153226	Trust: 1.9
db:	JVNDB	id:	JVNDB-2017-014559	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-124	Trust: 0.7
db:	CNVD	id:	CNVD-2019-23339	Trust: 0.6
db:	VULHUB	id:	VHN-116612	Trust: 0.1
db:	VULMON	id:	CVE-2017-8409	Trust: 0.1

sources: CNVD: CNVD-2019-23339 // VULHUB: VHN-116612 // VULMON: CVE-2017-8409 // JVNDB: JVNDB-2017-014559 // PACKETSTORM: 153226 // CNNVD: CNNVD-201907-124 // NVD: CVE-2017-8409

REFERENCES

url:	https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/dlink_dcs_1130_security.pdf	Trust: 2.6
url:	http://packetstormsecurity.com/files/153226/dlink-dcs-1130-command-injection-csrf-stack-overflow.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8409	Trust: 2.1
url:	https://seclists.org/bugtraq/2019/jun/8	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8409	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/285.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ethanhunnt/iot_vulnerabilities	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8408	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8413	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8405	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8406	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8410	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8412	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8415	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8417	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8404	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8416	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8411	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8407	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8414	Trust: 0.1

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153226

SOURCES

db:	CNVD	id:	CNVD-2019-23339
db:	VULHUB	id:	VHN-116612
db:	VULMON	id:	CVE-2017-8409
db:	JVNDB	id:	JVNDB-2017-014559
db:	PACKETSTORM	id:	153226
db:	CNNVD	id:	CNNVD-201907-124
db:	NVD	id:	CVE-2017-8409

LAST UPDATE DATE

2024-11-23T21:37:04.614000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-23339	date:	2019-07-19T00:00:00
db:	VULHUB	id:	VHN-116612	date:	2019-07-09T00:00:00
db:	VULMON	id:	CVE-2017-8409	date:	2021-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-014559	date:	2019-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201907-124	date:	2021-04-25T00:00:00
db:	NVD	id:	CVE-2017-8409	date:	2024-11-21T03:33:58.840

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-23339	date:	2019-07-18T00:00:00
db:	VULHUB	id:	VHN-116612	date:	2019-07-02T00:00:00
db:	VULMON	id:	CVE-2017-8409	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014559	date:	2019-07-10T00:00:00
db:	PACKETSTORM	id:	153226	date:	2019-06-07T15:06:02
db:	CNNVD	id:	CNNVD-201907-124	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2017-8409	date:	2019-07-02T20:15:11.043