CVE-2017-8409
First published: Tue Jul 02 2019(Updated: )
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dcs-1130 Firmware | ||
| Dlink Dcs-1130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue on D-Link DCS-1130 devices?
The vulnerability ID for this issue on D-Link DCS-1130 devices is CVE-2017-8409.
What is the severity of CVE-2017-8409?
CVE-2017-8409 has a severity rating of 7.5, which is considered high.
How does the vulnerability on D-Link DCS-1130 devices occur?
The vulnerability on D-Link DCS-1130 devices allows an attacker with access to a specific URL to view the live video feed without providing a username and password.
Which software version of D-Link DCS-1130 is affected by this vulnerability?
D-Link DCS-1130 devices with the firmware version are affected by this vulnerability.
Are all versions of D-Link DCS-1130 vulnerable to this issue?
No, the specific software version of D-Link DCS-1130 is vulnerable to this issue.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dlink
- canonical/dlink dcs-1130 firmware
- canonical/dlink dcs-1130