ID

VAR-202109-1107


CVE

CVE-2021-41503


TITLE

DCS-5000L  and  DCS-932L  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012454

DESCRIPTION

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DCS-5000L and DCS-932L There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera. D-Link DCS-5000L and DCS-932L have security vulnerabilities, which stem from the lack of effective trust management mechanisms in network systems or products

Trust: 2.25

sources: NVD: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-94831

AFFECTED PRODUCTS

vendor:d linkmodel:dcs-5000lscope:eqversion:1.05

Trust: 1.6

vendor:dlinkmodel:dcs-932lscope:lteversion:2.17

Trust: 1.0

vendor:d linkmodel:dcs-932lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dcs-5000lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dcs-932lscope:lteversion:<=2.17

Trust: 0.6

sources: CNVD: CNVD-2021-94831 // JVNDB: JVNDB-2021-012454 // NVD: CVE-2021-41503

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41503
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2021-41503
value: HIGH

Trust: 1.0

NVD: CVE-2021-41503
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-94831
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1686
value: HIGH

Trust: 0.6

VULMON: CVE-2021-41503
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41503
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-94831
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-41503
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-41503
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686 // NVD: CVE-2021-41503 // NVD: CVE-2021-41503

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-012454 // NVD: CVE-2021-41503

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1686

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-1686

PATCH

title: - url:https://www.dlink.com/en/security-bulletin

Trust: 0.8

title:Patch for D-Link DCS-5000L and DCS-932L authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/302891

Trust: 0.6

title:D-link Dcs-932L and D-link Dcs-5000L Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164768

Trust: 0.6

sources: CNVD: CNVD-2021-94831 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686

EXTERNAL IDS

db:NVDid:CVE-2021-41503

Trust: 3.9

db:DLINKid:SAP10247

Trust: 1.7

db:JVNDBid:JVNDB-2021-012454

Trust: 0.8

db:CNVDid:CNVD-2021-94831

Trust: 0.6

db:CNNVDid:CNNVD-202109-1686

Trust: 0.6

db:VULMONid:CVE-2021-41503

Trust: 0.1

sources: CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686 // NVD: CVE-2021-41503

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-41503

Trust: 2.0

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.7

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10247

Trust: 1.7

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686 // NVD: CVE-2021-41503

SOURCES

db:CNVDid:CNVD-2021-94831
db:VULMONid:CVE-2021-41503
db:JVNDBid:JVNDB-2021-012454
db:CNNVDid:CNNVD-202109-1686
db:NVDid:CVE-2021-41503

LAST UPDATE DATE

2024-11-23T22:37:01.457000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-94831date:2021-12-07T00:00:00
db:VULMONid:CVE-2021-41503date:2021-09-30T00:00:00
db:JVNDBid:JVNDB-2021-012454date:2022-08-31T07:43:00
db:CNNVDid:CNNVD-202109-1686date:2021-10-09T00:00:00
db:NVDid:CVE-2021-41503date:2024-11-21T06:26:20.110

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-94831date:2021-12-07T00:00:00
db:VULMONid:CVE-2021-41503date:2021-09-24T00:00:00
db:JVNDBid:JVNDB-2021-012454date:2022-08-31T00:00:00
db:CNNVDid:CNNVD-202109-1686date:2021-09-24T00:00:00
db:NVDid:CVE-2021-41503date:2021-09-24T20:15:07.373