First published: Fri Aug 24 2018(Updated: )
D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Eyeon Baby Monitor | =1.08.1 | |
Dlink Eyeon Baby Monitor Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-11563 is classified as a high severity remote code execution vulnerability.
To fix CVE-2017-11563, update the D-Link EyeOn Baby Monitor to the latest firmware version that addresses this vulnerability.
CVE-2017-11563 can be exploited by a remote attacker through crafted UDP requests to gain unauthorized access or control over the device.
CVE-2017-11563 specifically affects the D-Link EyeOn Baby Monitor firmware version 1.08.1.
Yes, CVE-2017-11563 allows remote attackers to execute arbitrary code, potentially providing unauthorized access to the device.