What is the severity of CVE-2017-7852?

CVE-2017-7852 is considered a high severity vulnerability due to its potential for unauthorized access and modification of device settings.

How do I fix CVE-2017-7852?

To fix CVE-2017-7852, update your D-Link DCS camera firmware to the latest version provided by D-Link that addresses this vulnerability.

What devices are affected by CVE-2017-7852?

CVE-2017-7852 affects multiple models of D-Link DCS cameras, including the DCS-2230L, DCS-2310L, and several others listed in the vulnerability description.

What type of attack is associated with CVE-2017-7852?

CVE-2017-7852 is associated with CSRF attacks, allowing attackers to change device settings via malicious Flash objects.

Can CVE-2017-7852 be exploited remotely?

Yes, CVE-2017-7852 can be exploited remotely due to its insecure CrossDomain.XML configuration that accepts requests from any domain.

Vulnerability/
CVE-2017-7852

high

8.8

CWE

352

24/4/2017

5/8/2024

CVE-2017-7852: CSRF

First published: Mon Apr 24 2017(Updated: )

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
D-Link DCS-2230L Firmware	<=1.03.01
D-Link DCS-2230L Firmware
D-Link DCS-2310L Firmware	<=1.08.01
D-Link DCS-2310L
D-Link DCS-2332L	<=1.08.01
D-Link DCS-2332L
D-Link DCS-6010L	<=1.15.01
D-Link DCS-6010L
dlink dcs-7010l firmware	<=1.08.01
D-Link DCS-7010L
dlink DCS-2530L firmware	<=1.00.21
dlink DCS-2530L firmware
D-Link DCS-930L Firmware	<=1.15.04
D-Link DCS-930L
D-Link DCS-930L Firmware	<=2.13.15
dlink DCS-932L	<=1.13.04
dlink DCS-932L
dlink DCS-932L	<=2.13.15
D-Link DCS-934L Firmware	<=1.04.15
D-Link DCS-934L
D-Link DCS-942L Firmware	<=1.27
D-Link DCS-942L
D-Link DCS-942L Firmware	<=2.11.03
D-Link DCS-931L Firmware	<=1.13.05
dlink dcs-931l
dlink DCS-933L firmware	<=1.13.05
dlink DCS-933L firmware
D-Link DCS-5009L	<=1.07.05
D-Link DCS-5009L
D-Link DCS-5010L Firmware	<=1.13.05
D-Link DCS-5010L
dlink DCS-5020L	<=1.13.05
dlink DCS-5020L firmware
D-Link DCS-5000L Firmware	<=1.02.02
D-Link DCS-5000L
D-Link DCS-5025L Firmware	<=1.02.10
D-Link DCS-5025L
D-Link DCS-5030L	<=1.01.06
D-Link DCS-5030L
D-Link DCS-2210L	<=1.03.01
D-Link DCS-2210L
D-Link DCS-2136L	<=1.04.01
D-Link DCS-2136L
D-Link DCS-2132L	<=1.08.01
D-Link DCS-2132L
D-Link DCS-7000L Firmware	<=1.04.00
D-Link DCS-7000L
D-Link DCS-6212L Firmware	<=1.00.12
D-Link DCS-6212L
D-Link DCS-5029L Firmware	<=1.12.00
D-Link DCS-5029L
D-Link DCS-2310L Firmware	<=2.03.00
D-Link DCS-2330L	<=1.13.00
D-Link DCS-2330L
D-Link DCS-2132L	<=2.12.00
D-Link DCS-5222L	<=2.12.00
D-Link DCS-5222L

Never miss a vulnerability like this again

Reference Links

https://www.qualys.com/2017/02/22/qsa-2017-02-22/qsa-2017-02-22.pdf

Frequently Asked Questions

What is the severity of CVE-2017-7852?
CVE-2017-7852 is considered a high severity vulnerability due to its potential for unauthorized access and modification of device settings.
How do I fix CVE-2017-7852?
To fix CVE-2017-7852, update your D-Link DCS camera firmware to the latest version provided by D-Link that addresses this vulnerability.
What devices are affected by CVE-2017-7852?
CVE-2017-7852 affects multiple models of D-Link DCS cameras, including the DCS-2230L, DCS-2310L, and several others listed in the vulnerability description.
What type of attack is associated with CVE-2017-7852?
CVE-2017-7852 is associated with CSRF attacks, allowing attackers to change device settings via malicious Flash objects.
Can CVE-2017-7852 be exploited remotely?
Yes, CVE-2017-7852 can be exploited remotely due to its insecure CrossDomain.XML configuration that accepts requests from any domain.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/references
agent/description
agent/event
agent/first-publish-date
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dlink
canonical/d-link dcs-2230l firmware
version/d-link dcs-2230l firmware/1.03.01
canonical/d-link dcs-2310l firmware
version/d-link dcs-2310l firmware/1.08.01
canonical/d-link dcs-2310l
canonical/d-link dcs-2332l
version/d-link dcs-2332l/1.08.01
canonical/d-link dcs-6010l
version/d-link dcs-6010l/1.15.01
canonical/dlink dcs-7010l firmware
version/dlink dcs-7010l firmware/1.08.01
canonical/d-link dcs-7010l
canonical/dlink dcs-2530l firmware
version/dlink dcs-2530l firmware/1.00.21
canonical/d-link dcs-930l firmware
version/d-link dcs-930l firmware/1.15.04
canonical/d-link dcs-930l
version/d-link dcs-930l firmware/2.13.15
canonical/dlink dcs-932l
version/dlink dcs-932l/1.13.04
version/dlink dcs-932l/2.13.15
canonical/d-link dcs-934l firmware
version/d-link dcs-934l firmware/1.04.15
canonical/d-link dcs-934l
canonical/d-link dcs-942l firmware
version/d-link dcs-942l firmware/1.27
canonical/d-link dcs-942l
version/d-link dcs-942l firmware/2.11.03
canonical/d-link dcs-931l firmware
version/d-link dcs-931l firmware/1.13.05
canonical/dlink dcs-931l
canonical/dlink dcs-933l firmware
version/dlink dcs-933l firmware/1.13.05
canonical/d-link dcs-5009l
version/d-link dcs-5009l/1.07.05
canonical/d-link dcs-5010l firmware
version/d-link dcs-5010l firmware/1.13.05
canonical/d-link dcs-5010l
canonical/dlink dcs-5020l
version/dlink dcs-5020l/1.13.05
canonical/dlink dcs-5020l firmware
canonical/d-link dcs-5000l firmware
version/d-link dcs-5000l firmware/1.02.02
canonical/d-link dcs-5000l
canonical/d-link dcs-5025l firmware
version/d-link dcs-5025l firmware/1.02.10
canonical/d-link dcs-5025l
canonical/d-link dcs-5030l
version/d-link dcs-5030l/1.01.06
canonical/d-link dcs-2210l
version/d-link dcs-2210l/1.03.01
canonical/d-link dcs-2136l
version/d-link dcs-2136l/1.04.01
canonical/d-link dcs-2132l
version/d-link dcs-2132l/1.08.01
canonical/d-link dcs-7000l firmware
version/d-link dcs-7000l firmware/1.04.00
canonical/d-link dcs-7000l
canonical/d-link dcs-6212l firmware
version/d-link dcs-6212l firmware/1.00.12
canonical/d-link dcs-6212l
canonical/d-link dcs-5029l firmware
version/d-link dcs-5029l firmware/1.12.00
canonical/d-link dcs-5029l
version/d-link dcs-2310l firmware/2.03.00
canonical/d-link dcs-2330l
version/d-link dcs-2330l/1.13.00
version/d-link dcs-2132l/2.12.00
canonical/d-link dcs-5222l
version/d-link dcs-5222l/2.12.00