ID

VAR-201907-1073


CVE

CVE-2017-8413


TITLE

Command injection vulnerability in D-Link DCS-1100 and DCS-1130 devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014562

DESCRIPTION

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon called "dldps2121" on UDP port 5978, which listens for broadcast packets sent to 255.255.255.255. This daemon handles a custom D-Link UDP-based protocol that allows D-Link mobile and desktop applications to discover D-Link devices on the local network. The binary processes UDP packets received from any device in its "main" function. One path in that function leads to a block of code that handles commands to be executed on the device.

The custom protocol created by D-Link follows this pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type; C=base64 encoded command string; test=1111. If a packet is received with the packet type "S" (0x53), the string passed in the "C" parameter is base64 decoded and then executed by passing it to a system API. At address 0x00009B44, the code subtracts 0x31 ("1") from the packet type and compares the result against 0x22 (a double quote character); 0x53 - 0x31 = 0x22, so type "S" matches. If it matches, the packet is routed to the block of code that executes a command. The value stored in the "C" parameter is then extracted at address 0x0000A1B0. Finally, the received string is base64 decoded and passed to the system API at address 0x0000A2A8.

The same form of communication can be initiated by any process, including an attacker process on the mobile phone or the desktop. This allows a third-party application to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding. D-Link DCS-1100 and DCS-1130 devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

The D-Link DCS-1100 and D-Link DCS-1130 are both network cameras from D-Link Corporation of Taiwan, China. A cross-site request forgery vulnerability exists in the D-Link DCS-1100 and DCS-1130 devices. A local attacker can exploit this vulnerability to execute commands without authentication.

Trust: 2.34

sources: NVD: CVE-2017-8413 // JVNDB: JVNDB-2017-014562 // CNVD: CNVD-2019-23340 // VULHUB: VHN-116616 // VULMON: CVE-2017-8413

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-23340

AFFECTED PRODUCTS

vendor: d link, model: dcs-1130, scope: -, version: -

Trust: 1.4

vendor: d link, model: dcs-1100, scope: -, version: -

Trust: 1.4

vendor: dlink, model: dcs-1130, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: dcs-1100, scope: eq, version: -

Trust: 1.0

sources: CNVD: CNVD-2019-23340 // JVNDB: JVNDB-2017-014562 // NVD: CVE-2017-8413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8413
value: HIGH

Trust: 1.0

NVD: CVE-2017-8413
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-23340
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-122
value: HIGH

Trust: 0.6

VULHUB: VHN-116616
value: HIGH

Trust: 0.1

VULMON: CVE-2017-8413
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8413
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-23340
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116616
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8413
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-8413
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-23340 // VULHUB: VHN-116616 // VULMON: CVE-2017-8413 // JVNDB: JVNDB-2017-014562 // CNNVD: CNNVD-201907-122 // NVD: CVE-2017-8413

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-116616 // JVNDB: JVNDB-2017-014562 // NVD: CVE-2017-8413

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-122

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-122

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014562

PATCH

title: Top Page, url: https://www.dlink.com/en/consumer

Trust: 0.8

title: IoT_vulnerabilities, url: https://github.com/ethanhunnt/IoT_vulnerabilities

Trust: 0.1

sources: VULMON: CVE-2017-8413 // JVNDB: JVNDB-2017-014562

EXTERNAL IDS

db: NVD, id: CVE-2017-8413

Trust: 3.3

db: PACKETSTORM, id: 153226

Trust: 1.9

db: JVNDB, id: JVNDB-2017-014562

Trust: 0.8

db: CNNVD, id: CNNVD-201907-122

Trust: 0.7

db: CNVD, id: CNVD-2019-23340

Trust: 0.6

db: VULHUB, id: VHN-116616

Trust: 0.1

db: VULMON, id: CVE-2017-8413

Trust: 0.1

sources: CNVD: CNVD-2019-23340 // VULHUB: VHN-116616 // VULMON: CVE-2017-8413 // JVNDB: JVNDB-2017-014562 // PACKETSTORM: 153226 // CNNVD: CNNVD-201907-122 // NVD: CVE-2017-8413

REFERENCES

url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/dlink_dcs_1130_security.pdf

Trust: 2.6

url:http://packetstormsecurity.com/files/153226/dlink-dcs-1130-command-injection-csrf-stack-overflow.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-8413

Trust: 2.1

url:https://seclists.org/bugtraq/2019/jun/8

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8413

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ethanhunnt/iot_vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8408

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8405

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8406

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8410

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8412

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8409

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8415

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8417

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8404

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8416

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8411

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8414

Trust: 0.1

sources: CNVD: CNVD-2019-23340 // VULHUB: VHN-116616 // VULMON: CVE-2017-8413 // JVNDB: JVNDB-2017-014562 // PACKETSTORM: 153226 // CNNVD: CNNVD-201907-122 // NVD: CVE-2017-8413

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153226

SOURCES

db: CNVD, id: CNVD-2019-23340
db: VULHUB, id: VHN-116616
db: VULMON, id: CVE-2017-8413
db: JVNDB, id: JVNDB-2017-014562
db: PACKETSTORM, id: 153226
db: CNNVD, id: CNNVD-201907-122
db: NVD, id: CVE-2017-8413

LAST UPDATE DATE

2024-11-23T21:37:04.875000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-23340, date: 2019-07-19T00:00:00
db: VULHUB, id: VHN-116616, date: 2019-07-10T00:00:00
db: VULMON, id: CVE-2017-8413, date: 2021-04-23T00:00:00
db: JVNDB, id: JVNDB-2017-014562, date: 2019-07-11T00:00:00
db: CNNVD, id: CNNVD-201907-122, date: 2021-04-25T00:00:00
db: NVD, id: CVE-2017-8413, date: 2024-11-21T03:33:59.480

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-23340, date: 2019-07-18T00:00:00
db: VULHUB, id: VHN-116616, date: 2019-07-02T00:00:00
db: VULMON, id: CVE-2017-8413, date: 2019-07-02T00:00:00
db: JVNDB, id: JVNDB-2017-014562, date: 2019-07-11T00:00:00
db: PACKETSTORM, id: 153226, date: 2019-06-07T15:06:02
db: CNNVD, id: CNNVD-201907-122, date: 2019-07-02T00:00:00
db: NVD, id: CVE-2017-8413, date: 2019-07-02T21:15:10.180