Details of VAR-202109-1107

ID

VAR-202109-1107

CVE

CVE-2021-41503

TITLE

DCS-5000L and DCS-932L Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012454

DESCRIPTION

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DCS-5000L and DCS-932L There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-link Dcs-5000L is an IP network surveillance camera. D-link Dcs-932L is a network surveillance camera. D-Link DCS-5000L and DCS-932L have security vulnerabilities, which stem from the lack of effective trust management mechanisms in network systems or products

Trust: 2.25

sources: NVD: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-94831

AFFECTED PRODUCTS

vendor:	d link	model:	dcs-5000l	scope:	eq	version:	1.05	Trust: 1.6
vendor:	dlink	model:	dcs-932l	scope:	lte	version:	2.17	Trust: 1.0
vendor:	d link	model:	dcs-932l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dcs-5000l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dcs-932l	scope:	lte	version:	<=2.17	Trust: 0.6

sources: CNVD: CNVD-2021-94831 // JVNDB: JVNDB-2021-012454 // NVD: CVE-2021-41503

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41503
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-41503
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-41503
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-94831
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1686
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-41503
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-41503
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-94831
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-41503
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-41503
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686 // NVD: CVE-2021-41503 // NVD: CVE-2021-41503

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-012454 // NVD: CVE-2021-41503

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1686

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-1686

PATCH

title:	-	url:	https://www.dlink.com/en/security-bulletin	Trust: 0.8
title:	Patch for D-Link DCS-5000L and DCS-932L authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/302891	Trust: 0.6
title:	D-link Dcs-932L and D-link Dcs-5000L Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164768	Trust: 0.6

sources: CNVD: CNVD-2021-94831 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41503	Trust: 3.9
db:	DLINK	id:	SAP10247	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-012454	Trust: 0.8
db:	CNVD	id:	CNVD-2021-94831	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1686	Trust: 0.6
db:	VULMON	id:	CVE-2021-41503	Trust: 0.1

sources: CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686 // NVD: CVE-2021-41503

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-41503	Trust: 2.0
url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.7
url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10247	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-94831 // VULMON: CVE-2021-41503 // JVNDB: JVNDB-2021-012454 // CNNVD: CNNVD-202109-1686 // NVD: CVE-2021-41503

SOURCES

db:	CNVD	id:	CNVD-2021-94831
db:	VULMON	id:	CVE-2021-41503
db:	JVNDB	id:	JVNDB-2021-012454
db:	CNNVD	id:	CNNVD-202109-1686
db:	NVD	id:	CVE-2021-41503

LAST UPDATE DATE

2024-08-14T13:23:21.724000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-94831	date:	2021-12-07T00:00:00
db:	VULMON	id:	CVE-2021-41503	date:	2021-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-012454	date:	2022-08-31T07:43:00
db:	CNNVD	id:	CNNVD-202109-1686	date:	2021-10-09T00:00:00
db:	NVD	id:	CVE-2021-41503	date:	2024-08-04T04:15:44.403

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-94831	date:	2021-12-07T00:00:00
db:	VULMON	id:	CVE-2021-41503	date:	2021-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-012454	date:	2022-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202109-1686	date:	2021-09-24T00:00:00
db:	NVD	id:	CVE-2021-41503	date:	2021-09-24T20:15:07.373